(57) Abstract

PROBLEM TO BE SOLVED: To allow a framework
to certainly charge necessary constraint on a
service to be offered to an application by the
dynamic construction of required mounting.
SOLUTION: An application issues a request for 
mounting for a specific service to a framework. The 
framework receives this request, and when any 
constraint is present corresponding to this request, 
the framework decides which constraint should be 
charged on the requested mounting. This constraint 
is decided by judging whether or not the application
issuing the request for mounting is given
authorization, and when this authorization is
present, this authorization is processed for introducing the set of constraints to be charged
on the mounting. This authorization is processed so that the introduced set of constraints 
can be the minimum constraint level. 



CLAIMS 



[Claim(s)] 

[Claim 1]. It can set to a system as which mounting of specific service is required by 
application. Are the method of determining restrictions imposed on said mounting, and it is 
judged whether there is any permission given to said application which requires said 
mounting, A method provided with processing said permission in order to lead a set of 
restrictions imposed on said mounting according to judgment that there is at least one 
permission given to said application. 

[Claim 2] A method according to claim 1 of being what is processed so that said permission 
may serve as a restrictions degree with the smallest set of said restrictions. 
[Claim 3] A method according to claim 1 further provided with accessing a set of initial 
restriction according to judgment that there is no permission given to said application, and
drawing said restrictions based on said initial restriction. 

[Claim 4] said initial restriction — two or more law a method according to claim 3 of being 
what is drawn by merging a policy and extracting restrictions restrictions from there.
[Claim 5] A method according to claim 1 provided with preparing an index of said processing 
of said permission being what does not have restriction of said mounting according to 
judgment that said permission judges whether it is the permission in which all are included,
and said permission is the permission which includes all.

[Claim 6] A method according to claim 1 for which it had leading a set of said restrictions 
based on said permission according to judgment that said permission judges whether said 
processing of said permission needs to mount an exemption mechanism and said 
permission does not need to mount an exemption mechanism. 

[Claim 7]A method according to claim 6 provided with leading a set of said restrictions 
based on said parameter according to judgment that drawing said restrictions judged 
whether said permission would have specified a set of a parameter and said permission has 
specified a set of a parameter. 

[Claim 8] A method according to claim 6 provided with preparing an index of being a thing 
without restriction of said mounting according to judgment that drawing said restrictions 
judges whether said permission has specified a set of a parameter and said permission has 
not specified a set of a parameter. 
[Claim 9] It is judged whether it needs to mount an exemption mechanism in which said
permission is [ said processing of said permission ] specific, A method according to claim 1 
provided with adjusting said permission and said exemption restrictions in order to access 
a set of exemption restrictions and to draw said restrictions according to judgment that it 
needs to mount an exemption mechanism in which said permission is specific.
[Claim 10] Said adjustment with said permission and said exemption restrictions judges 
whether said exemption restrictions permit that said specific exemption mechanism is 
mounted to said mounting, A method according to claim 9 by which said exemption 
restrictions were provided with drawing said restrictions based on said exemption 
restrictions according to judgment that it permits that said specific exemption mechanism 
is mounted to said mounting. 

[Claim 11] Said adjustment with said permission and said exemption restrictions judges
whether said exemption restrictions permit that said specific exemption mechanism is 
mounted to said mounting, A method according to claim 9 provided with said exemption 
restrictions accessing a set of initial restriction according to judgment that it does not 
permit that said specific exemption mechanism is mounted to said mounting, and drawing
said restrictions based on said initial restriction. 

[Claim 12]said exemption restrictions — two or more law - a method according to claim 9 of 
being what is drawn by merging a policy and extracting restrictions restrictions from there.
[Claim 13] A method according to claim 1 provided with scrutinizing a Call Stack, in order 
to judge any application with which said judgment whether there is any permission given 
to said application required said mounting is. 

[Claim 14]A method according to claim 13 further provided with said judgment whether 
there is any permission given to said application attesting said application.
[Claim 15]A device which determines restrictions in a system characterized by comprising 
the following as which mounting of specific service is required by application imposed on 
said mounting. 

A mechanism in which it is judged whether there is any permission given to said 
application which requires said mounting. 

A mechanism which processes said permission in order to lead a set of restrictions imposed 
on said mounting according to judgment that there is at least one permission given to said 
application. 

[Claim 16]The device according to claim 15 which is what is processed so that said 
permission may serve as a restrictions degree with the smallest set of said restrictions. 
[Claim 17] The device according to claim 15 further provided with a mechanism which 
accesses a set of initial restriction, and a mechanism to carry out in which said restrictions 
are drawn based on said initial restriction, according to judgment that there is no 
permission given to said application.

[Claim 18]said initial restriction - two or more law - the device according to claim 17 which 
is what is drawn by merging a policy and extracting restrictions restrictions from there.
[Claim 19]The device comprising according to claim 15: 

A mechanism in which said mechanism which processes said permission judges whether it 
is the permission in which said permission includes all. 

A mechanism which prepares an index of being a thing without restriction of said mounting
according to judgment that said permission is the permission which includes all. 

[Claim 20]The device comprising according to claim 15: 

A mechanism which said mechanism which processes said permission judges for whether 
said permission needs to mount an exemption mechanism. 

A mechanism in which a set of said restrictions is led based on said permission according to 
judgment that said permission does not need to mount an exemption mechanism. 

[Claim 21]The device comprising according to claim 20: 

A mechanism in which said mechanism in which said restrictions are drawn judges 
whether said permission has specified a set of a parameter. 

A mechanism in which a set of said restrictions is led based on said parameter according to 
judgment that said permission has specified a set of a parameter. 

[Claim 22]The device comprising according to claim 20: 

A mechanism in which said mechanism in which said restrictions are drawn judges 
whether said permission has specified a set of a parameter.

A mechanism which prepares an index of being a thing without restriction of said mounting 
according to judgment that said permission has not specified a set of a parameter. 

[Claim 23]The device comprising according to claim 15: 

A mechanism in which it is judged whether it needs to mount an exemption mechanism in
which said permission is [ said mechanism which processes said permission ] specific. 
A mechanism which accesses a set of exemption restrictions according to judgment that it 
needs to mount an exemption mechanism in which said permission is specific, and a 
mechanism in which said permission and said exemption restrictions are adjusted in order 
to draw said restrictions. 

[Claim 24]The device comprising according to claim 23: 

A mechanism in which said mechanism in which said permission and said exemption 
restrictions are adjusted judges whether said exemption restrictions permit that said 
specific exemption mechanism is mounted to said mounting.

A mechanism in which said exemption restrictions draw said restrictions based on said 
exemption restrictions according to judgment that it permits that said specific exemption 
mechanism is mounted to said mounting. 
[Claim 25]The device comprising according to claim 23: 

A mechanism in which said mechanism in which said permission and said exemption 
restrictions are adjusted judges whether said exemption restrictions permit that said 
specific exemption mechanism is mounted to said mounting.

A mechanism in which said exemption restrictions access a set of initial restriction 
according to judgment that it does not permit that said specific exemption mechanism is 
mounted to said mounting, and a mechanism in which said restrictions are drawn based on 
said initial restriction. 

[Claim 26] said exemption restrictions - two or more law - the device according to claim 23 
which is what is drawn by merging a policy and extracting restrictions restrictions from 
there.

[Claim 27] The device according to claim 15 with which said mechanism in which it was
judged whether there is any permission given to said application was provided with a
mechanism in which a Call Stack is scrutinized in order to judge any application which
required said mounting is.

[Claim 28]The device according to claim 27 with which said mechanism in which it was 
judged whether there is any permission given to said application was further provided with 
a mechanism which attests said application. 

[Claim 29] When it is the medium characterized by comprising the following which stored a 
command and in which computer reading is possible and said command is executed by 1 or 
two or more processors, this - what is operated so that restrictions which impose 1 or two 
or more processors on mounting of specific service of which it was required by application 
may be determined 

A command whose 1 or two or more processors are operated so that it may judge whether 
there is any permission given to said application with which a medium in which said 
computer reading is possible requires said mounting. 

A command which operates 1 or two or more processors so that said permission may be 
processed in order to lead a set of restrictions imposed on said mounting according to 
judgment that there is at least one permission given to said application. 
[Claim 30]A medium which is what is processed so that said permission may serve as a 
restrictions degree with the smallest set of said restrictions and in which the computer 
reading according to claim 29 is possible. 

[Claim 31] According to judgment that there is no permission given to said application, so 
that a set of initial restriction may be accessed, A medium which was further provided with 
a command which operates 1 or two or more processors, and a command to which said
restrictions are led based on said initial restriction, and which operates 1 or two or more 
processors so that it may carry out and in which the computer reading according to claim 29 
is possible.

[Claim 32]said initial restriction - two or more law — a medium which is what is drawn by 
merging a policy and extracting restrictions restrictions from there and in which the 
computer reading according to claim 31 is possible.

[Claim 33]A medium in which the computer reading according to claim 29 is possible, 
comprising: 

A command said command which operates 1 or two or more processors operates
[ command ] 1 or two or more processors so that it may judge whether it is the permission in
which said permission includes all so that said permission may be processed.

A command which operates 1 or two or more processors so that an index of being a thing
without restriction of said mounting may be prepared according to judgment that said
permission is the permission which includes all.

[Claim 34]A medium in which the computer reading according to claim 29 is possible, 
comprising: 

A command whose 1 or two or more processors are operated so that said permission may be 
processed and said permission may judge whether said command which operates 1 or two 
or more processors needs to mount an exemption mechanism. 

A command which operates 1 or two or more processors according to judgment that said 
permission does not need to mount an exemption mechanism so that a set of said 
restrictions may be led based on said permission. 

[Claim 35]A medium in which the computer reading according to claim 34 is possible, 
comprising: 

A command which operates 1 or two or more processors so that said restrictions may be 
drawn and said command which operates 1 or two or more processors may judge whether 
said permission has specified a set of a parameter. 

A command which operates 1 or two or more processors according to judgment that said 
permission has specified a set of a parameter so that a set of said restrictions may be led 
based on said parameter. 

[Claim 36] A medium in which the computer reading according to claim 34 is possible, 
comprising: 

A command which operates 1 or two or more processors so that said restrictions may be 
drawn and said command which operates 1 or two or more processors may judge whether 
said permission has specified a set of a parameter. 
A command which operates 1 or two or more processors so that an index of being a thing
without restriction of said mounting may be prepared according to judgment that said 
permission has not specified a set of a parameter. 

[Claim 37]A medium in which the computer reading according to claim 29 is possible, 
comprising: 

A command which operates 1 or two or more processors so that it may judge whether it 
needs to mount an exemption mechanism in which said permission is [ said command 
which operates 1 or two or more processors ] specific so that said permission may be 
processed. 

A command which operates 1 or two or more processors according to judgment that it needs 
to mount an exemption mechanism in which said permission is specific so that a set of 
exemption restrictions may be accessed, and a command which operates 1 or two or more 
processors so that said permission and said exemption restrictions may be adjusted in order 
to draw said restrictions. 

[Claim 38]A medium in which the computer reading according to claim 37 is possible, 
comprising: 

A command whose 1 or two or more processors said command which operates 1 or two or 
more processors operates so that said exemption restrictions may judge whether it permits 
that said specific exemption mechanism is mounted to said mounting so that said 
permission and said exemption restrictions may be adjusted. 

A command which operates 1 or two or more processors so that said exemption restrictions 
may draw said restrictions based on said exemption restrictions according to judgment that 
it permits that said specific exemption mechanism is mounted to said mounting. 
[Claim 39]A medium in which the computer reading according to claim 37 is possible, 
comprising: 

A command whose 1 or two or more processors said command which operates 1 or two or 
more processors operates so that said exemption restrictions may judge whether it permits 
that said specific exemption mechanism is mounted to said mounting so that said 
permission and said exemption restrictions may be adjusted. 

A command which operates 1 or two or more processors so that said exemption restrictions 
may access a set of initial restriction according to judgment that it does not permit that said 
specific exemption mechanism is mounted to said mounting, and a command which 
operates 1 or two or more processors so that said restrictions may be drawn based on said 
initial restriction. 

[Claim 40]said exemption restrictions - two or more law -- a medium which is what is 
drawn by merging a policy and extracting restrictions restrictions from there and in which
the computer reading according to claim 37 is possible. 

[Claim 41] So that it may judge whether there is any permission given to said application, A 
medium by which said command which operates 1 or two or more processors was provided
with a command which operates 1 or two or more processors so that a Call Stack might be 
scrutinized, in order to judge any application which required said mounting is and in which 
the computer reading according to claim 29 is possible. 

[Claim 42] So that it may judge whether there is any permission given to said application, A 
medium by which said command which operates 1 or two or more processors was further 
provided with a command which operates 1 or two or more processors so that said 
application might be attested and in which the computer reading according to claim 41 is
possible. 

DETAILED DESCRIPTION



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to a computer system, and especially to the
mechanism for determining the restrictions imposed on mounting of the service demanded by
an application.
[0002] 

[Description of the Prior Art] For years, the U.S. Department of Commerce has regulated, and
depending on the case forbidden, the export of computer programs or applications containing
a data encryption algorithm. As a present principle, a computer program which uses an
encryption algorithm with an encryption key of more than a fixed number of bits cannot be
exported (the length of the key which can be specified is peculiar to the algorithm). There
are also exceptions to this rule. One of the exceptions is that, depending on the case, the
length of the key, i.e., the encryption strength of the program, can be increased where an
exemption mechanism is adopted. Examples of an exemption mechanism are key escrow, key
recovery, and key weakening. The length of the key can also be enlarged depending on the kind
of program. For example, the present regulation permits applications for medical institutions
and financial institutions to enlarge the length of the key so that the safety of the
application is improved (it is used for protection of advanced security data). While some
applications are favored with a larger tolerance level than other applications, export
control is needed for all encryption applications.
[0003] 

[Problem(s) to be Solved by the Invention] These regulations are applied not only to a
program which uses an encryption algorithm directly, but also to a program which has an
interface to a program which uses an encryption algorithm directly. Such programs include the
"framework" program, which provides the infrastructure for smooth interaction between
various programs. Although the framework itself does not mount any encryption algorithm, it
permits one or more programs which mount an encryption algorithm to interface to the
framework, or to "plug in" to the framework. One example of such a framework is the Java
Cryptography Extension of the Java Platform by Sun Microsystems, Inc. of Palo Alto,
California. Because the framework permits cipher mechanisms to be "plugged in" to it, export
control is needed for the framework itself. This means that, in order to be exportable, the
framework needs to guarantee that all the export control is observed irrespective of the code
mounting plugged in to the framework. In order to offer this guarantee, the framework needs
to restrain the code mounting with some mechanism.
[0004] 

[Means for Solving the Problem] According to this invention, a mechanism is provided which
dynamically builds custom-made mounting that imposes restrictions on a service. For the
purpose of this invention, service is defined in a broad sense and includes all functions
demanded by, or provided to, an application, including an encryption/decoding function
(however, not limited to this). In one embodiment of this invention, the invention is
realized within a system provided with an application, general mounting of a specific
service, and a framework.
[0005] A framework receives from an application a demand for mounting of a specific service,
for example, mounting of a specific encryption algorithm. In response, the framework
determines the restrictions, if any, which need to be imposed on the demanded mounting. In
one embodiment, these restrictions are determined by judging whether there is any permission
given to said application and, when there is such a permission, by processing this permission
in order to lead a set of restrictions imposed on said mounting. In one embodiment, this
permission is processed so that the set of restrictions led may serve as the smallest
restrictions degree. Once these restrictions are determined, the framework builds the
demanded mounting dynamically. In one embodiment, the demanded mounting is built so that it
incorporates general mounting of said service, said restrictions, and enforcement logic
which imposes said restrictions on said general mounting. Since the demanded mounting is
built for said application, it is customized for that application. Therefore, this mounting
is called custom-made mounting.
[0006] After the custom-made mounting is built dynamically, the framework provides the
application with the custom-made mounting. Then, the application calls the custom-made
mounting directly for service. Since the restrictions and the enforcement logic for imposing
them are included in the custom-made mounting, the application does not need to interact
with the framework any further. The custom-made mounting itself provides the service, and the
restrictions are certainly imposed. Thus, by dynamic construction of custom-made mounting,
the framework can certainly impose the necessary restrictions on the service provided to the
application.

[0007] 

[Embodiment of the Invention] The block diagram of the system 100 in which one of the
embodiments of this invention is realized is shown in drawing 1. This system 100 includes one
or more applications 104, one or more general mounting 106, the set 108 of the specified
restriction, and the framework 102 for smooth interaction between the various kinds of
components. The application 104 demands mounting of a service from the framework 102, and
receives it. Here, the application 104 may be any of various kinds of applications or
programs, including a Java applet, a Java application, a natively compiled application, etc.
(not limited to these). For the purpose of this invention, the term "service" is defined in a
broad sense, and includes all the functions demanded by, or provided to, an application,
including an encryption/decoding function (however, not limited to this).

[0008] When demanding mounting from the framework 102, the application 104 specifies the
kind of service whose mounting it desires. For example, the application 104 can demand
mounting of the "Blowfish" encryption algorithm. In response, the framework 102 provides the
application 104 which made the demand with mounting of the demanded service that is
custom-made for the application 104. The custom-made mounting provided by the framework 102
includes the restrictions on the service. As described later, these restrictions are
determined based on the set of the specified restriction 108 and on the permission 110, if
any, given to the application 104 which made the demand.

[0009] The general mounting 106 represents mounting of services which are "plugged in" to the
framework 102, or which interface to it. Each of the general mounting 106 realizes a service
of a specific kind. For example, one general mounting mounts the "Blowfish" encryption
algorithm, while another mounts a DES encryption algorithm. Each of the general mounting 106
is not restrained. That is, even if the restriction 108 or the permission 110 exists, the
general mounting 106 itself is not bound by restrictions. Thus, when the general mounting 106
is mounting of an encryption algorithm, the encryption algorithm can be set to full strength.
As explained below, it is the framework 102, not the general mounting 106, which guarantees
that suitable restrictions are added to the service provided for the application 104.
[0010] In the system 100, the framework 102 is the component which coordinates the whole
operation of the system 100. The flow chart showing general operation of the framework 102 is
shown in drawing 2. As shown in drawing 2, the framework 102 operates by receiving from the
application 104 a demand for mounting of a service of a specific kind (for example, mounting
of a Blowfish encryption algorithm) (202). In response, the framework 102 judges the
restrictions, if any, required for the demanded mounting (204). In one embodiment of this
invention, the framework 102 judges the restrictions by adjusting the specified restriction
108 with the permission 110, if any, given to the application 104 which made the demand. And
in one embodiment of this invention, the framework 102 tries to add the minimum restrictions
possible. In other words, in consideration of the permission 110 and the restriction 108, the
framework 102 tries to be as generous as possible.
[0011] Once the restrictions are decided, the framework 102 builds the demanded mounting
dynamically (206). In one embodiment of this invention, the demanded mounting is constructed
by finding the related general mounting 106 which mounts the demanded kind of service (for
example, the general mounting 106 which realizes a Blowfish encryption algorithm). Once this
is found, this related general mounting 106 is incorporated in the demanded mounting together
with the restrictions determined before. A set of enforcement logic is also built into this
demanded mounting. This enforcement logic guarantees that these restrictions are imposed on
the related general mounting 106. Therefore, although no restrictions are attached to the
related general mounting 106 itself, the enforcement logic applies the suitable restrictions
to it. With the related general mounting, the restrictions, and the enforcement logic
incorporated, the construction of the demanded mounting is completed. Since the demanded
mounting is constructed specially for the application 104 which made the demand, i.e., it
incorporates the restrictions peculiar to that application, it can be regarded as
custom-made mounting for that application 104.

[0012] Once the custom-made mounting is constructed, it is passed to the application 104
which made the demand (208). Then, the application 104 demands service from the custom-made
mounting directly. Since the restrictions and the enforcement logic for imposing them are
incorporated in the custom-made mounting, it becomes unnecessary for the application 104 to
interact with the framework 102 any further. The custom-made mounting itself provides the
service, and the restrictions are certainly added to the service. By dynamically building
custom-made mounting in this way, the framework 102 certainly adds the necessary restrictions
to the service provided for the application 104.

[0013] The above-mentioned explanation provides the general outline of this invention.
Drawing 3 explains one embodiment of this invention in detail. In the following explanation,
this invention is explained in relation to object-oriented mounting in which the service
demanded and provided is a cipher service. Note that this is used only for the purpose of
explanation. This invention is not limited to the range of the explanation. Rather, this
invention is generally applicable to all kinds of programming environment, and to all kinds
of service to which restrictions need to be added.
[0014] The details of the framework 102 are shown in drawing 3 and drawing 4. As shown in the
figure, the framework 102 is provided with the application programming interface (API) 302,
the service provider interface (SPI) 304, and the core 320. API302 represents the resources
which the application 104 can call directly. In one embodiment of this invention, API302 is
provided with Cipher object classes 306 and ExemptionMechanism object classes 308. Among
other methods, Cipher object classes 306 is provided with a GetInstance method and an Init
method. The GetInstance method is the method called by the application 104 when the
application demands mounting of a service. In response to this method call, an instance of
Cipher object classes 306 is built and returned to the calling application 104. The returned
Cipher instance is custom-made for the calling application, and it contains the restrictions
and the enforcement logic for adding these restrictions to the service which the Cipher
instance can provide. Once the Cipher instance is returned, the methods of the Cipher
instance are called directly by the application 104. One of the methods which needs to be
called by the calling application 104 is the Init method. This method initializes the Cipher
instance and enables the Cipher instance to operate. The Init method also operates as the
enforcement logic for adding the restrictions to the Cipher instance. The GetInstance method
and the Init method are described later in detail.
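The flow above (GetInstance returns a custom-made instance whose Init carries the enforcement logic), together with the decision branches of claims 3 and 5 to 11, as an added sketch that is not code from the patent or from the Java Cryptography Extension. Every type name, the key-length limits and the `exemptionPerformed` flag are assumptions made for illustration; call-stack inspection and attestation of the caller (claims 13 and 14) are not modeled, so the permission is passed in directly.

```java
import java.util.Map;

// Added model of the flow described on this page; none of these types are JCE classes.
// Requires Java 16+ (records). All limits below are constructed sample values.
public class CustomMountingDemo {
    static final int UNLIMITED = Integer.MAX_VALUE;

    /** Permission given to an application; a null field means "not specified". */
    record Permission(boolean allInclusive, String exemptionMechanism, Integer maxKeyBits) {}

    /** Restrictions built into one custom-made instance. */
    record Restriction(int maxKeyBits, String requiredExemption) {}

    /** Framework policy: initial limits per algorithm, limits per permitted exemption mechanism. */
    record Policy(Map<String, Integer> initial, Map<String, Integer> exemption) {}

    /** Unrestricted provider code (the page's "general mounting"). */
    interface GenericImpl { String init(int keyBits); }

    /** Derive the restrictions for one demand, following the branches of claims 3 and 5-11. */
    static Restriction derive(String alg, Permission p, Policy policy) {
        // Assumption: an algorithm missing from the initial policy gets 0 bits (fail closed).
        Restriction initial = new Restriction(policy.initial().getOrDefault(alg, 0), null);
        if (p == null) return initial;                                  // no permission given
        if (p.allInclusive()) return new Restriction(UNLIMITED, null);  // permission includes all
        if (p.exemptionMechanism() == null) {                           // no exemption mechanism
            int bits = p.maxKeyBits() != null ? p.maxKeyBits() : UNLIMITED;
            return new Restriction(bits, null);                         // parameters, else none
        }
        Integer exemptBits = policy.exemption().get(p.exemptionMechanism());
        return exemptBits != null
                ? new Restriction(exemptBits, p.exemptionMechanism())   // mechanism permitted
                : initial;                                              // mechanism not permitted
    }

    /** Custom-made instance: generic code + restrictions + enforcement logic in init(). */
    static final class CustomImpl {
        private final GenericImpl generic;      // never handed to the application
        private final Restriction restriction;

        CustomImpl(GenericImpl generic, Restriction restriction) {
            this.generic = generic;
            this.restriction = restriction;
        }

        /** Checks run on every init, with no further call back into the framework. */
        String init(int keyBits, boolean exemptionPerformed) {
            if (keyBits > restriction.maxKeyBits()) {
                throw new SecurityException("key length " + keyBits + " exceeds limit "
                        + restriction.maxKeyBits());
            }
            if (restriction.requiredExemption() != null && !exemptionPerformed) {
                throw new SecurityException(restriction.requiredExemption() + " not performed");
            }
            return generic.init(keyBits);
        }
    }

    /** Framework entry point: find the generic code and wrap it for this caller. */
    static CustomImpl getInstance(String alg, Permission p, Policy policy,
                                  Map<String, GenericImpl> providers) {
        GenericImpl generic = providers.get(alg);
        if (generic == null) throw new IllegalArgumentException("no provider for " + alg);
        return new CustomImpl(generic, derive(alg, p, policy));
    }

    static String attempt(CustomImpl c, int keyBits, boolean exemptionPerformed) {
        try {
            return c.init(keyBits, exemptionPerformed);
        } catch (SecurityException e) {
            return "REFUSED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        GenericImpl blowfish = bits -> "Blowfish ready, " + bits + "-bit key";
        Map<String, GenericImpl> providers = Map.of("Blowfish", blowfish);
        Policy policy = new Policy(Map.of("Blowfish", 128), Map.of("KeyRecovery", 256));

        CustomImpl plain = getInstance("Blowfish", null, policy, providers);
        System.out.println(attempt(plain, 128, false));
        System.out.println(attempt(plain, 256, false));

        Permission recovery = new Permission(false, "KeyRecovery", null);
        CustomImpl exempt = getInstance("Blowfish", recovery, policy, providers);
        System.out.println(attempt(exempt, 256, true));
        System.out.println(attempt(exempt, 256, false));

        Permission escrow = new Permission(false, "KeyEscrow", null);   // not in the policy
        System.out.println(attempt(getInstance("Blowfish", escrow, policy, providers), 256, true));

        Permission all = new Permission(true, null, null);
        System.out.println(attempt(getInstance("Blowfish", all, policy, providers), 448, false));
    }
}
```

The application only ever holds a `CustomImpl`, so the unrestricted provider object stays unreachable and the limit travels with the instance.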

[0015] As already explained, when one or more exemption mechanisms (key escrow, key
recovery, or key weakening) are mounted, an encryption algorithm with strengthened
encryption strength (for example, with a lengthened key) can be realized depending on the
case. When an exemption mechanism is mounted, ExemptionMechanism object classes 308
operates. This class provides two or more methods which can be called. These methods are
called in order to invoke the function of a specific exemption mechanism (for example, a key
recovery block is generated when the exemption mechanism is key recovery), and in order to
judge whether the required operation was performed (for example, was the key recovery block
generated or not?). Object classes 306 and 308 of API302 are explained in detail later.

[0016] SPI304 provides the interface required by a service provider in order to plug the 
service provider's service mounting into the framework 102. In one embodiment of this 
invention, SPI304 is provided with an SPI304 object class corresponding to each API302 
object class. That is, CipherSpi object class 310 of SPI304 corresponds to Cipher object 
class 306 of API302, and ExemptionMechanismSpi object class 312 of SPI304 corresponds to 
ExemptionMechanism object class 308 of API302. This one-to-one correspondence makes it 
easy to map the methods of the API classes 306 and 308 to the methods of the SPI classes 
310 and 312. The importance of this is described later in detail. SPI object classes 310 
and 312 are abstract object classes: they declare the methods which must be mounted by a 
class, but the object classes themselves provide no mounting of these methods. The service 
provider is responsible for providing the mounting. In order to provide the mounting 106 
of a service, a service provider subclasses one of the object classes of SPI304 and, in 
the subclass, provides mounting for all the methods defined by the SPI class. Thus, the 
general mountings 106 shown in drawing 3 are subclasses of object classes 310 and 312 of 
SPI304. Each general mounting 106 can mount a different kind of service (for example, one 
mounts a Blowfish encryption algorithm, another mounts a DES encryption algorithm, and yet 
another mounts a key recovery exemption mechanism), and each general mounting 106 can be 
realized without being subject to any restrictions. That is, a general mounting 106 can 
be a mounting of the maximum strength (for example, with no limit on the length of the 
encryption key). The core 320 of the framework 102 is provided with JCESecurity object 
class 314 and JCESecurityManager object class 316. In one embodiment of this invention, 
these object classes 314 and 316 are package private and cannot be accessed directly by 
the application 104. As shown in drawing 3, the JCESecurity class is provided with a 
GetImpl method and the JCESecurityManager class is provided with a GetCryptoPermission 
method. These methods are called as a result of the call of the GetInstance method of the 
Cipher class 306, and they cooperate to do most of the work required for the dynamic 
construction of a customized mounting. The functions performed by these methods are best 
understood in the context of the whole system. Therefore, to facilitate a complete 
understanding of the invention, the overall operation of the system is explained next 
with reference to the flow charts of drawing 5 and drawing 6. 

[0017] When it needs mounting of a specific cipher service, the application 104 requests 
the mounting by calling the GetInstance method of the Cipher object class 306. In this 
call, the application specifies the kind of service for which it is requesting mounting. 
In one embodiment of this invention, the kind of service is an encryption algorithm name 
such as Blowfish. The Cipher class 306 receives this request (404) and invokes the 
function of the GetInstance method. In response, the GetInstance method calls the GetImpl 
method of the JCESecurity class 314. The GetImpl method performs two or more important 
functions. First, this method judges whether a general mounting 106 which mounts the 
requested kind of service is available (408). For example, it judges whether any of the 
general mountings 106 mounts the Blowfish encryption algorithm. When no suitable general 
mounting 106 is found, the GetImpl method returns an error message to the GetInstance 
method (412), which in turn returns an error message to the calling application 104. On 
the other hand, when a general mounting 106 which mounts the requested service is found, 
the GetImpl method goes on to judge whether the found general mounting is attested (416). 
The method of performing this attestation is described later in detail; here it is 
sufficient to say that the attestation is performed using a digital signature 
verification mechanism. 

[0018] When the GetImpl method judges that the general mounting is not attested, it 
judges whether another general mounting 106 which can offer the requested service exists 
(420). When no other general mounting 106 exists, the GetImpl method returns an error 
message to the GetInstance method (424), which in turn returns an error message to the 
calling application 104. When another general mounting 106 which can offer the requested 
service exists, the GetImpl method returns to the process 416 and judges whether the new 
general mounting is attested. This processing continues until an attested mounting is 
found or it is judged that no attested general mounting 106 which can offer the requested 
service exists. 

[0019] When an attested general mounting 106 for the requested service (this mounting 
will be called the related mounting) is found, the GetImpl method instantiates the 
related mounting and generates an instance of the mounting (namely, a CipherSpi instance) 
(428). Then, the GetImpl method judges whether it is necessary to impose any restriction 
on the instance of the mounting (432). In one embodiment of this invention, this judgment 
is made by judging whether the framework 102 is set up for domestic operation or for 
global operation. When the framework is set up so that its use is restricted to within 
the country, export control does not apply, so it is not necessary to add restrictions. 
On the other hand, when the framework 102 is set up for global operation, the possibility 
of restrictions is taken into consideration. 

[0020] In order to judge the restrictions to be imposed on the instance of the mounting 
(436), the GetImpl method calls the GetCryptoPermission method of the JCESecurityManager 
class 316. The main function of the GetCryptoPermission method is to reconcile the 
specified restriction 108 with the permission 110, if any, given to the calling 
application 104, and to derive a set of restrictions. This set of restrictions is 
returned to the GetImpl method by the GetCryptoPermission method. In one embodiment of 
this invention, the set of restrictions contains the name of the requested encryption 
algorithm, the name of the exemption mechanism which needs to be imposed (if any), and 
cryptographic parameters such as the maximum key length and the maximum number of rounds 
(required for algorithms such as RC5) which may be used. On receiving these restrictions, 
the GetImpl method judges whether an exemption mechanism is specified within them (440). 
When no exemption mechanism is specified within the restrictions, the GetImpl method 
proceeds to the process 448. 

[0021] However, when an exemption mechanism is specified, the GetImpl method goes on to 
generate an instance of the specified exemption mechanism. In one embodiment of this 
invention, this is achieved by calling the GetInstance method of the ExemptionMechanism 
class 308 and passing it the name of the exemption mechanism. In response to this call, 
the GetInstance method of the ExemptionMechanism class 308 calls the GetImpl method of 
the JCESecurity class 314 (note that this is the second call of the GetImpl method). In 
response, the GetImpl method searches for a valid general mounting 106 which mounts the 
specified exemption mechanism, instantiates that general mounting 106 (444), and 
generates an ExemptionMechanismSpi instance. Then, the GetImpl method returns the 
ExemptionMechanismSpi instance to the GetInstance method of the ExemptionMechanism class 
308 (this is the return from the second call of the GetImpl method). 

[0022] Next, the GetInstance method of the ExemptionMechanism class 308 calls the 
constructor of the ExemptionMechanism class 308 and passes the ExemptionMechanismSpi 
instance returned from the GetImpl method to the constructor. When called, the 
constructor instantiates the ExemptionMechanism class 308 and generates an 
ExemptionMechanism instance. Next, the constructor encapsulates the 
ExemptionMechanismSpi instance in the ExemptionMechanism instance. In doing so, the 
constructor maps the methods of the ExemptionMechanism instance to the methods of the 
ExemptionMechanismSpi instance. In one embodiment of this invention, the Init method of 
the ExemptionMechanism instance is mapped to the EngineInit method of the 
ExemptionMechanismSpi instance, and the GenExemptionBlob method is mapped to the 
EngineGenExemptionBlob method. With this mapping, a call to a method of the 
ExemptionMechanism instance is routed to the proper method of the ExemptionMechanismSpi 
instance. Once the ExemptionMechanismSpi instance is encapsulated in the 
ExemptionMechanism instance, instantiation of the ExemptionMechanism instance is 
complete. 

[0023] Then, the GetImpl method returns to the GetInstance method of the Cipher class 306 
(this is the return from the first call of the GetImpl method), providing the GetInstance 
method with the instance of the mounting, the set of restrictions, and (if any) the 
ExemptionMechanism instance. Next, the GetInstance method of the Cipher class 306 calls 
the constructor of the Cipher class 306 and passes to the constructor the instance of the 
mounting received from the GetImpl method, the set of restrictions, and (if any) the 
ExemptionMechanism instance. In response, the constructor instantiates the Cipher class 
306 (448) and generates a Cipher instance. Next, the constructor encapsulates the 
instance of the mounting, the set of restrictions, and (if any) the ExemptionMechanism 
instance in the Cipher instance (452). That is, the Cipher instance operates as a 
"wrapper" object. When encapsulating the instance of the mounting in the Cipher instance, 
the constructor maps the methods of the Cipher instance to the corresponding methods of 
the instance of the mounting. In one embodiment of this invention, the Init method of the 
Cipher instance is mapped to the EngineInit method of the instance of the mounting, the 
Update method is mapped to the EngineUpdate method, and the DoFinal method is mapped to 
the EngineDoFinal method. With this mapping, a call to a method of the Cipher instance is 
routed to the proper method of the instance of the mounting. This is so because the 
mounting of these methods is provided by the instance of the mounting. Once the 
encapsulation processing is completed, the constructor returns to the GetInstance method 
of the Cipher class 306. Next, the GetInstance method returns to the calling application 
104 and provides the application 104 with the newly built Cipher instance (456). Then, 
the calling application 104 can call the methods of the Cipher instance directly. 

[0024] In one embodiment of this invention, one of the first methods which the calling 
application 104 needs to call on the Cipher instance is the Init method. This method 
initializes the Cipher instance and prepares it for normal operation. When calling this 
method, the calling application 104 provides a set of initialization parameters. In one 
embodiment of this invention, these parameters contain the encryption key used for 
encryption and, when a specific encryption algorithm needs them, other optional 
cryptographic parameters which specify algorithm-specific attributes, such as the number 
of rounds. 

[0025] When the Init method is called, it compares the initialization parameters passed 
by the calling application 104 with the restrictions encapsulated in the Cipher instance. 
When the initialization parameters are at or below the level of the restrictions, the 
Init method passes the initialization parameters to the EngineInit method of the instance 
of the mounting, which initializes the instance of the mounting. After the instance of 
the mounting is initialized, the Cipher instance is operational; thus, the application 
104 can call the Update method and DoFinal method of the Cipher instance in order to 
perform encryption/decryption operations. However, when the Init method judges that the 
initialization parameters passed by the calling application 104 exceed the level of the 
encapsulated restrictions, the Init method does not pass the initialization parameters to 
the EngineInit method of the instance of the mounting. As a result, the instance of the 
mounting, and hence the Cipher instance, is not initialized. When the Cipher instance is 
not initialized, it cannot operate normally. Thus, by not initializing the Cipher 
instance, the Init method effectively prevents it from operating. In this way, the Init 
method serves as the enforcement logic which ensures that the encapsulated restrictions 
are imposed on the instance of the mounting. 

[0026] When an ExemptionMechanism instance is encapsulated in the Cipher instance, the 
Init method of the Cipher class 306 performs an additional function. This function 
ensures that the ExemptionMechanism instance has been properly called by the application 
104 to perform the required operation before data is encrypted. For example, when the 
exemption mechanism is key recovery, the ExemptionMechanism instance must be called to 
generate and save a key recovery block before data is enciphered. In order to ensure that 
the required operation has been performed by the ExemptionMechanism instance, the Init 
method calls the IsCryptoAllowed method of the ExemptionMechanism instance. In one 
embodiment of this invention, the ExemptionMechanism instance holds information about 
whether its GenExemptionBlob method has been called (it is through the ExemptionMechanism 
instance that the required exemption mechanism operation is performed). This information 
can be accessed by calling the IsCryptoAllowed method. When the IsCryptoAllowed method 
indicates that the required operation was performed (that is, that the GenExemptionBlob 
method was called), the Init method allows the instance of the mounting, and hence the 
Cipher instance, to be initialized. When the required operation has not been performed, 
the Init method does not allow initialization, so the Cipher instance cannot operate. 
Therefore, the Init method not only imposes restrictions on the instance of the mounting, 
but also ensures that the exemption mechanism is applied. 
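
The enforcement role of the Init method described in [0025] and [0026] can be modelled in a few lines. This is an added sketch, not code from the patent or from any JCE implementation: the Python class and method names, the XOR placeholder transform and the sample byte strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Restrictions:
    """Constraint set encapsulated in the Cipher wrapper; None means no limit."""
    algorithm: str
    max_key_bits: Optional[int] = None
    max_rounds: Optional[int] = None


class ToyCipherSpi:
    """Stand-in for an unrestricted provider mounting (hypothetical)."""

    def __init__(self) -> None:
        self.key: Optional[bytes] = None

    def engine_init(self, key: bytes, rounds: Optional[int]) -> None:
        self.key = key

    def engine_update(self, data: bytes) -> bytes:
        # Placeholder XOR transform so the call flow is observable; not encryption.
        return bytes(b ^ self.key[i % len(self.key)] for i, b in enumerate(data))


class ExemptionMechanism:
    """Remembers whether the required exemption operation was carried out."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._blob_generated = False

    def gen_exemption_blob(self) -> bytes:
        self._blob_generated = True
        return b"constructed-key-recovery-block"  # constructed sample value

    def is_crypto_allowed(self) -> bool:
        return self._blob_generated


class Cipher:
    """Wrapper holding the mounting, its restrictions and any exemption mechanism."""

    def __init__(self, spi: ToyCipherSpi, restrictions: Restrictions,
                 exemption: Optional[ExemptionMechanism] = None) -> None:
        self._spi = spi
        self._restrictions = restrictions
        self._exemption = exemption
        self._initialized = False

    def init(self, key: bytes, rounds: Optional[int] = None) -> None:
        r = self._restrictions
        # A refused re-initialization must not leave an earlier state usable.
        self._initialized = False
        if not key:
            raise ValueError("empty key")
        if r.max_key_bits is not None and len(key) * 8 > r.max_key_bits:
            raise PermissionError(
                f"key length {len(key) * 8} exceeds {r.max_key_bits} bits")
        # Sketch choice: when a round limit applies, the caller must state the rounds.
        if r.max_rounds is not None and (rounds is None or rounds > r.max_rounds):
            raise PermissionError(f"rounds {rounds} exceed limit {r.max_rounds}")
        if self._exemption is not None and not self._exemption.is_crypto_allowed():
            raise PermissionError(f"{self._exemption.name} block not generated")
        # Only parameters within the restrictions ever reach the provider.
        self._spi.engine_init(key, rounds)
        self._initialized = True

    def update(self, data: bytes) -> bytes:
        if not self._initialized:
            raise RuntimeError("Cipher instance is not initialized")
        return self._spi.engine_update(data)


def init_outcome(cipher: Cipher, key: bytes, rounds: Optional[int] = None) -> str:
    """Return 'ok', or the reason Init refused to initialize the mounting."""
    try:
        cipher.init(key, rounds)
        return "ok"
    except PermissionError as exc:
        return str(exc)
```

Because the provider object is reachable only through the wrapper, refusing to call `engine_init` is enough to keep an over-limit key from ever being used.
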
[0027] As mentioned above, it is the GetCryptoPermission method of the JCESecurityManager 
class 316 which determines the restrictions imposed on the service provided by the Cipher 
instance. These restrictions are determined based on the specified restriction 108 and on 
the permission 110, if any, given to the calling application 104. One embodiment of the 
GetCryptoPermission method is described below; before describing the embodiment in 
detail, however, to facilitate a complete understanding of this invention, the 
restriction 108 and the permission 110 are explained briefly. 

[0028] In one embodiment of this invention, the restriction 108 comprises two sets of 
restrictions: a default configuration and an exemption setting. Basically, the default 
configuration specifies the initial restrictions which need to be imposed on an 
encryption algorithm when no exemption mechanism is mounted, and the exemption setting 
specifies the restrictions which need to be imposed on an encryption algorithm when an 
exemption mechanism is mounted. Generally, when an exemption mechanism is mounted, 
stronger cryptographic parameters can be used. In one embodiment of this invention, the 
restrictions of both sets are derived from the applicable laws and regulations. 

[0029] Each set of restrictions (default configuration or exemption setting) comprises 
zero or more entries. Each entry specifies a specific encryption algorithm and some 
restrictions imposed on that algorithm. The entries of both sets of restrictions have the 
same structure. In one embodiment of this invention, each entry comprises fields or 
information containers which hold the following information. 
(1) An encryption algorithm name or identifier 
(2) An exemption mechanism name or identifier 
(3) The maximum key length 
(4) Other algorithm-specific cryptographic restrictions, such as the maximum number of 
rounds to be carried out 

[0030] For the purposes of this invention, an entry may take any desired form. For 
example, each entry can be mounted as an object with the required information 
encapsulated in it, or each entry can be a set of text in a file. As long as the proper 
information is provided, any desired form can be used. 

[0031] An example of the default configuration and the exemption setting of the 
restriction is shown in drawing 7. Note that none of the entries of the default 
configuration specifies an exemption mechanism, whereas every entry of the exemption 
setting does specify an exemption mechanism. This is so because the default configuration 
specifies the restrictions imposed when no exemption mechanism is mounted, and the 
exemption setting specifies the restrictions imposed when an exemption mechanism is 
mounted. 

[0032] The interpretation of the default configuration of the restriction is 
straightforward. Basically, each entry expresses the maximum cryptographic parameters for 
a specific encryption algorithm. Thus, as in drawing 7, a maximum key length of 128 bits 
is used with the Blowfish algorithm. Similarly, with the RC5 algorithm, a maximum key 
length of 64 bits and a maximum of 10 rounds are used. The interpretation of the 
exemption setting is almost as straightforward. Basically, the first entry of the 
exemption setting shows that the maximum key length is increased to 256 bits when the key 
recovery exemption mechanism is mounted with the Blowfish algorithm. Similarly, the 
second entry shows that the maximum key length is increased to 256 bits when the key 
escrow exemption mechanism is mounted with the Blowfish algorithm. Note that the same 
algorithm name (in this case, Blowfish) can appear in two or more entries of the 
exemption setting, as long as the exemption mechanisms specified in these entries differ. 

[0033] The specified restriction 108 is only one of the factors taken into consideration 
in determining the restrictions imposed on a Cipher instance. The permission 110, if any, 
given to the calling application 104 is another factor. As explained above, certain kinds 
of applications, such as applications for medical institutions and financial 
institutions, can use stronger cryptography than other applications. The authority of 
such applications to use stronger cryptography is reflected in the permission 110 given 
to the application. In one embodiment of this invention, the permission 110 takes one of 
two or more forms. The first form is CryptoAllPermission. When an application is given 
CryptoAllPermission, the application is, in effect, given all possible permissions. In 
other words, the application is not restricted. Because this is the highest permission 
that can be granted, it is given to only a very small number of applications. 

[0034] A lower permission which can be given to an application is permission to mount a 
specific cryptographic algorithm with strengthened encryption strength or without limits. 
In one embodiment of this invention, this kind of permission specifies a specific 
algorithm name (for example, Blowfish) and an optional set of maximum parameters (for 
example, the maximum key length). When a set of maximum parameters is specified, the 
encryption algorithm may be mounted up to the level of the maximum parameters specified. 
When no set of maximum parameters is specified, the encryption algorithm may be mounted 
at any level (that is, the algorithm is not constrained). Thus, when the permission 
specifies Blowfish with a 128-bit maximum key length, the application can use the 
Blowfish encryption algorithm with a key length of up to 128 bits. When the permission 
specifies only Blowfish, the application can use the Blowfish encryption algorithm 
without any limit on the length of the key. So far, only the maximum key length has been 
mentioned as a maximum parameter. Note that the maximum parameters can include other 
parameters, such as the maximum number of rounds. Such other parameters may be required 
by encryption algorithms such as RC5, and therefore can also be included in the maximum 
parameters. 

[0035] Another permission which can be given to an application is permission to mount a 
specific exemption mechanism with a specific encryption algorithm (for example, key 
recovery with Blowfish). As mentioned above, when an exemption mechanism is mounted, the 
application can usually use stronger cryptographic parameters (for example, a longer key 
length). Thus, permission to mount an exemption mechanism raises encryption strength 
dramatically. As explained below, whether such a permission can actually be used depends 
on the contents of the restriction 108 and on whether a mounting of the exemption 
mechanism is available. At this point, note also that two or more permissions can be 
given to an application. For example, an application can be permitted to mount two or 
more kinds of exemption mechanisms. In that case and in others, one application can have 
two or more permissions. 

[0036] Next, with this background information, the operation of the GetCryptoPermission 
method of the JCESecurityManager class 316 is explained with reference to the flow chart 
of drawing 8. When it is called, the GetCryptoPermission method receives a set of 
parameters containing the encryption algorithm name (for example, Blowfish) requested by 
the calling application 104. In response to the call, the GetCryptoPermission method 
first determines the calling application 104 (604). That is, the GetCryptoPermission 
method determines the application 104 which called the GetInstance method that caused the 
GetCryptoPermission method to be called. In one embodiment of this invention, the 
GetCryptoPermission method makes this determination by traversing the call stack. This 
traces the call sequence back from the GetCryptoPermission method to the GetImpl method, 
then to the GetInstance method, and then to the application 104 which originally called 
the GetInstance method. In this way, by traversing the call stack, the 
GetCryptoPermission method can determine the original calling application 104. 

[0037] Once the calling application 104 is determined, it is determined whether the 
calling application 104 has any valid permission given to it (608). In one embodiment of 
this invention, this is done by first determining whether any permission has been given 
to the application 104 at all. In one embodiment of this invention, this determination is 
made by checking the file related to the application 104 and checking whether any 
permission is included in it. In a Java programming environment, the files of an 
application are contained in a JAR file, and in this environment this JAR file is checked 
for permissions. 

[0038] When a permission is found, verification processing is performed to ensure that 
the permission is valid. In one embodiment of this invention, this verification is 
performed using a digital signature. Specifically, the JAR file of any application 104 
which contains one or more permissions is digitally signed. This digital signature 
ensures that the source of the application 104 is trusted and that the contents of the 
application 104 have not been changed. When this digital signature is verified, the 
permissions included in the JAR file are valid. When this digital signature is not 
verified, the permissions are invalid. The GetCryptoPermission method performs this 
verification using a digital signature verification mechanism. For the purposes of this 
invention, any suitable and effective digital signature verification mechanism can be 
used. 

[0039] When the GetCryptoPermission method judges that the calling application 104 does 
not have a valid permission, the GetCryptoPermission method determines the restrictions 
imposed on the Cipher instance based on the default configuration of the restriction 
(612). Specifically, the GetCryptoPermission method searches the default configuration 
for the entry with the same algorithm name as the encryption algorithm requested by the 
calling application 104. After the entry is found, the restrictions are derived from the 
limits (for example, the maximum key length and other limits) specified in the entry. For 
example, with the default configuration of drawing 7, when the calling application 104 is 
requesting mounting of the Blowfish algorithm, the restrictions will be Blowfish with a 
maximum key length of 128 bits. After the restrictions are determined, they are returned 
to the GetImpl method of the JCESecurity class 314 by the GetCryptoPermission method 
(616). 

[0040] Returning to the process 608, when it is judged that the calling application 104 
has one or more valid permissions, the GetCryptoPermission method determines whether any 
of these permissions is CryptoAllPermission (620). With CryptoAllPermission, the 
application 104 is not restricted. In that case, the GetCryptoPermission method returns 
an indication of no restrictions to the GetImpl method (624). However, when none of the 
permissions is CryptoAllPermission, the GetCryptoPermission method proceeds to the 
process 628. 

[0041] When processing reaches the process 628, it is known that the application 104 has 
one or more valid permissions and that none of these permissions is CryptoAllPermission. 
Therefore, each permission is one of the following two kinds. 

(1) The kind which does not require an exemption mechanism to be imposed (namely, the 
kind which specifies a specific encryption algorithm and an optional set of maximum 
parameters) 
(2) The kind which requires an exemption mechanism to be imposed (namely, the kind which 
specifies an exemption mechanism with a specific encryption algorithm) 

[0042] At the process 628, the GetCryptoPermission method determines whether any of the 
permissions is of the kind which does not require an exemption mechanism to be imposed. 
When one or more of the permissions are of this kind, it determines for each of those 
permissions whether the permission is applicable (632). A permission is applicable when 
the encryption algorithm specified in the permission is the same as the encryption 
algorithm requested by the application 104. For example, a permission is applicable when 
the application 104 is requesting mounting of the Blowfish algorithm and the permission 
specifies the Blowfish algorithm. In one embodiment of this invention, at most one 
permission is applicable. When the GetCryptoPermission method determines that one of the 
permissions is applicable, it determines the restrictions imposed on the Cipher instance 
based on the maximum parameters (if any) specified in the permission. That is, when a set 
of maximum parameters is specified in the permission, the restrictions are determined 
based on the specified maximum parameters. When no set of maximum parameters is 
specified, the restrictions are unlimited and the encryption algorithm is not 
constrained. After the restrictions are determined, they are returned to the GetImpl 
method of the JCESecurity class 314 by the GetCryptoPermission method (636). 

[0043] Returning to the process 632, when the GetCryptoPermission method determines that 
none of the permissions which do not require an exemption mechanism to be imposed is 
applicable, it proceeds to the process 640. At the process 640, the GetCryptoPermission 
method determines whether any of the permissions given to the application 104 is of the 
kind which requires an exemption mechanism to be imposed. When no such permission is 
found, the GetCryptoPermission method determines the restrictions imposed on the Cipher 
instance using the default configuration of the restriction (644). The method of 
determining the restrictions is the same as the method explained in relation to the 
above-mentioned process 612. After the restrictions are determined, they are returned to 
the GetImpl method by the GetCryptoPermission method (648). 

[0044] On the other hand, when the GetCryptoPermission method determines that at least 
one of the permissions given to the application 104 is of the kind which requires an 
exemption mechanism to be imposed, it proceeds to the process 652. At the process 652, 
the GetCryptoPermission method determines whether any of the permissions which require an 
exemption mechanism to be imposed is applicable. Specifically, the GetCryptoPermission 
method determines which of these permissions apply to the requested encryption algorithm 
and, for each permission that applies, whether that specific combination of encryption 
algorithm and exemption mechanism can be used and whether a mounting of the specified 
exemption mechanism is available. In performing these functions, the GetCryptoPermission 
method refers to the exemption setting of the restriction. These operations are best 
understood by way of an example. 

[0045] Suppose that the requested encryption algorithm is the Blowfish algorithm and that 
the application has been given the following two permissions. 

(1) Blowfish with key weakening 
(2) Blowfish with key recovery 

[0046] Suppose further that the exemption setting of the restriction is as shown in 
drawing 7. In this example, since both permissions relate to Blowfish, both permissions 
apply to the request. Therefore, both permissions will be processed, starting with the 
first permission. The first permission allows key weakening to be used with Blowfish. In 
order to determine whether this permission can be used, the GetCryptoPermission method 
searches the exemption setting for an entry with this combination. Although two Blowfish 
entries exist in the exemption setting, neither of these entries specifies key weakening 
as the exemption mechanism. Therefore, the exemption setting of the restriction does not 
explicitly show that the combination of Blowfish and key weakening can be used, and this 
permission cannot be used or applied. 

[0047] In this case, the GetCryptoPermission method moves on to the next permission, which
permits key recovery to be used with Blowfish. This permission is processed in the same
way as the first, that is, by searching the entries of the exemption set. This time an
entry is found that allows the specified combination of Blowfish and key recovery. As a
result, this permission may be used or applied. The inquiry does not end there, however.
Before accepting the use of this permission, the GetCryptoPermission method determines
whether a valid implementation of the specified exemption mechanism (in this example, key
recovery) is available. If no implementation is available, the permission is not applied.
In making this decision, the GetCryptoPermission method searches for a valid general
implementation 106 (drawing 4) that implements the specified exemption mechanism. By the
end of this processing (652), the GetCryptoPermission method knows whether any of the
granted permissions can be applied.
[0048] When the GetCryptoPermission method determines that a permission is applicable, it
uses the exemption set rather than the default set of the restrictions to determine the
restrictions imposed on the Cipher instance (656). Specifically, the GetCryptoPermission
method derives the restrictions from the entry of the exemption set that has the same
algorithm name and exemption mechanism as the permission. In this example that entry is
the first entry of the exemption set, and its restrictions are Blowfish with key recovery
and a maximum key length of 256 bits. After these restrictions are decided, they are
returned to the GetImpl method of the JCESecurity class 314 by the GetCryptoPermission
method (660). As mentioned above, the entries of the exemption set usually allow stronger
cryptographic parameters than the default set. Therefore, by deriving the restrictions
from the exemption set, the GetCryptoPermission method raises the encryption strength of
the Cipher instance.

[0049] Returning to process 652, when none of the permissions can be applied, the
GetCryptoPermission method uses the default set of the restrictions to determine the
restrictions imposed on the Cipher instance (644). The method of determining the
restrictions is the same as that explained above in relation to process 612. The
application 104 is therefore treated as if it had been given no permissions at all.
After the restrictions are decided, they are returned to the GetImpl method by the
GetCryptoPermission method (648). In the manner described, the GetCryptoPermission
method determines the restrictions imposed on the Cipher instance. By first trying to
apply the permissions and using the default restrictions only when none of the
permissions applies, the GetCryptoPermission method tends to give the Cipher instance the
maximum encryption strength that the restrictions allow. In other words, the
GetCryptoPermission method tends to impose restrictions of the minimum level.
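
The Blowfish walk-through of processes 652, 656 and 644 can be traced in code. The following Java 17 sketch is an added example, not code from the patent or from the JCE framework; the class, record and method names, the second Blowfish exemption entry and the 128-bit default limit are constructed for illustration, since drawing 7 is not reproduced here.

```java
import java.util.List;
import java.util.Set;

public class CryptoPermissionDemo {
    /** One entry of a restriction set; exemption is null when no exemption mechanism applies. */
    record Entry(String algorithm, String exemption, int maxKeyBits) {}

    /** A permission granted to the application that names an exemption mechanism. */
    record Permission(String algorithm, String exemption) {}

    /**
     * Hypothetical stand-in for the exemption branch of GetCryptoPermission:
     * returns the entry whose restrictions are imposed on the Cipher instance.
     */
    static Entry resolve(String requestedAlg, List<Permission> granted,
                         List<Entry> defaultSet, List<Entry> exemptionSet,
                         Set<String> availableExemptionImpls) {
        // Process 652: try each granted permission in turn.
        for (Permission p : granted) {
            if (!p.algorithm().equals(requestedAlg)) {
                continue; // permission is for a different algorithm
            }
            for (Entry e : exemptionSet) {
                boolean listed = e.algorithm().equals(p.algorithm())
                        && e.exemption().equals(p.exemption());
                // A permission is usable only if the exemption set lists the
                // combination AND an implementation of the mechanism is available.
                if (listed && availableExemptionImpls.contains(p.exemption())) {
                    return e; // process 656: restrictions come from the exemption set
                }
            }
        }
        // Process 644: no permission applied, fall back to the default set.
        for (Entry e : defaultSet) {
            if (e.algorithm().equals(requestedAlg)) {
                return e;
            }
        }
        throw new SecurityException("no restriction entry for " + requestedAlg);
    }

    public static void main(String[] args) {
        // Constructed sample data. Only "first exemption entry = Blowfish, key
        // recovery, 256 bits" comes from the text; the rest is illustrative.
        List<Entry> defaultSet = List.of(new Entry("Blowfish", null, 128));
        List<Entry> exemptionSet = List.of(
                new Entry("Blowfish", "KeyRecovery", 256),
                new Entry("Blowfish", "KeyEscrow", 256));
        List<Permission> granted = List.of(
                new Permission("Blowfish", "KeyWeakening"),
                new Permission("Blowfish", "KeyRecovery"));

        // Key recovery implementation installed: the exemption entry is selected.
        System.out.println(resolve("Blowfish", granted, defaultSet, exemptionSet,
                Set.of("KeyRecovery")));
        // No exemption implementation installed: the default entry is selected.
        System.out.println(resolve("Blowfish", granted, defaultSet, exemptionSet,
                Set.of()));
    }
}
```

The second call shows the fail-safe direction of the design: a granted permission whose exemption mechanism has no installed implementation leaves the application on the default limits.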

[0050] As mentioned above, the whole set of restrictions 108 (drawing 1), comprising the
default set and the exemption set, derives from applicable laws and regulations. In one
embodiment of this invention, it is derived from at least the following two sets of laws
and regulations.

(1) U.S. export law and (2) local law (the law of the country or region into which the
framework 102 is imported)

[0051] Since these sets of laws differ in almost all cases, they are reconciled in order
to derive a single set of restrictions that complies with both sets of laws. In one
embodiment of this invention, this reconciliation is performed by merge processing.
Specifically, the two sets of laws are merged to generate the resulting set of
restrictions 108, and the merge is performed so that the resulting restrictions 108
contain the most restrictive restrictions of the two sets of laws. By choosing the most
restrictive restriction, merge processing guarantees that the resulting restrictions 108
comply with both sets of laws.

[0052] Drawing 9 outlines the merge processing. As shown in the figure, the U.S. export
law 702 comprises a default component 706 and an exemption component 708. Similarly, the
local law 704 comprises a default component 710 and an exemption component 712. The
default components 706 and 710 specify the default restrictions applied to an encryption
algorithm when no exemption mechanism is implemented, and the exemption components 708
and 712 specify the restrictions that apply when an exemption mechanism is implemented.
In one embodiment of this invention, the default components 706 and 710 and the exemption
components 708 and 712 have the same form as the default set 714 and the exemption set
716 of the restrictions explained above in relation to drawing 7. That is, each of the
components 706, 710, 708, and 712 comprises zero or more entries. Each entry is provided
with fields or containers for storing the following.

(1) an encryption algorithm name or identifier, (2) an exemption mechanism name or
identifier, (3) a maximum key length, and (4) other cryptographic restrictions
[0053] To derive the resulting restrictions 108, the default components 706 and 710 are
merged entry by entry to generate the default set 714 of the resulting restrictions 108.
Likewise, the exemption components 708 and 712 are merged entry by entry to generate the
exemption set 716 of the resulting restrictions 108. Once derived, the resulting
restrictions 108 are used by the GetCryptoPermission method of the JCESecurityManager
class 316 to determine the restrictions imposed on a Cipher instance.
[0054] Next, one embodiment of the merge processing is described with reference to the
flow charts of drawing 10 and drawing 11. The following explanation uses policies A, B,
and C. Policies A and B denote the sources of the merge (for example, U.S. export law and
local law). Policy C denotes the merge result (for example, the resulting restrictions
108). As shown in drawing 9, the default components 706 and 710 and the exemption
components 708 and 712 are merged independently in separate merge operations. Note,
however, that the same merge processing is used for both merges.
[0055] As shown in drawing 10, merge processing begins with the selection (804) of the
next entry (in this case, the first entry) of policy A. The selected entry is compared
with the entries of policy B to determine whether a corresponding entry exists in policy
B (808). In one embodiment of this invention, this determination is made by comparing the
algorithm name and exemption mechanism name of the selected entry with the algorithm name
and exemption mechanism name of the entries of policy B. If policy B contains an entry
with the same combination of algorithm name and exemption mechanism, that entry is the
corresponding entry. In this case, the restrictions of the two corresponding entries are
compared and the most restrictive restrictions are chosen (820).
[0056] As an example, consider entries in both policies A and B whose algorithm name is
RC5 and which have no exemption mechanism. Suppose the entry of policy A has a maximum
key length of 64 bits and a maximum number of rounds of 12, and the entry of policy B has
a maximum key length of 128 bits and a maximum number of rounds of 10. In this case, the
most restrictive restrictions are a maximum key length of 64 bits and a maximum number of
rounds of 10. As this example shows, the most restrictive value is chosen for each
restriction individually.
[0057] After the most restrictive restrictions are decided, a new entry is generated in
policy C (824). This new entry has the same algorithm name and exemption mechanism name
as the two corresponding entries, and its restrictions are the most restrictive
restrictions chosen at process 820. Generating the new entry in policy C completes the
processing of the currently selected entry. It is then determined whether more entries
exist in policy A (828). If so, processing returns to process 804, and the next entry of
policy A is selected and processed. If not, processing advances to process 832.
[0058] Returning to process 808, when it is determined that no entry corresponding to the
selected entry of policy A exists in policy B, it is determined whether a wildcard entry
exists in policy B (812). The wildcard acts as a catch-all for every algorithm name /
exemption mechanism combination that is not explicitly listed in policy B. When no
wildcard is found in policy B, processing of the selected entry is complete. No new entry
is generated in policy C, and processing proceeds to process 828 to look for the next
entry of policy A.
[0059] On the other hand, when it is determined that a wildcard entry exists in policy B,
the restrictions of the selected entry are compared with the restrictions of the wildcard
entry, and the most restrictive restrictions are chosen (816). This determination is made
in the same way as explained above for process 820. After the most restrictive
restrictions are decided, a new entry is generated in policy C (824). This new entry has
the same algorithm name and exemption mechanism name as the selected entry, and its
restrictions are the most restrictive restrictions chosen at process 816. Generating the
new entry in policy C completes the processing of the currently selected entry. It is
then determined whether more entries exist in policy A (828). If so, processing returns
to process 804, and the next entry of policy A is selected and processed. This processing
continues until all the entries of policy A have been processed.

[0060] After all the entries of policy A have been processed, it is the turn of those
entries of policy B that do not correspond to any entry of policy A. Before this is done,
however, it is determined whether a wildcard entry exists in policy A (832). When policy
A has no wildcard entry, the additional entries of policy B would not result in any
additional entries in policy C, so they need not be processed. Thus, when no wildcard
entry exists in policy A, construction of policy C is complete (836).

[0061] On the other hand, when a wildcard entry exists in policy A, processing of policy
B begins with the selection of the next entry (in this case, the first entry) of policy B
(840). The selected entry is compared with the entries of policy C to determine whether a
corresponding entry exists in policy C (844). In one embodiment of this invention, this
determination is made by comparing the algorithm name and exemption mechanism name of the
selected entry with the algorithm name and exemption mechanism name of the entries of
policy C. When a corresponding entry is found in policy C, the selected entry has already
been processed as part of the processing of the entries of policy A. In this case, the
selected entry needs no further processing, and processing proceeds to process 856 to
look for the next entry of policy B.

[0062] On the other hand, when the selected entry corresponds to none of the entries of
policy C, the restrictions of the selected entry are compared with the restrictions of
the wildcard entry of policy A, and the most restrictive restrictions are chosen (848).
This determination is made in the same way as explained above for process 820. After the
most restrictive restrictions are chosen, a new entry is generated in policy C (852).
This new entry has the same algorithm name and exemption mechanism name as the selected
entry, and its restrictions are the most restrictive restrictions chosen at process 848.
After the new entry is generated in policy C, processing of the currently selected entry
is complete. It is then determined whether more entries exist in policy B (856). If so,
processing returns to process 840, and the next entry of policy B is selected and
processed. This processing continues until all the entries of policy B have been
processed. When all the entries have been processed, construction of policy C is complete
(860).
[0063] In one embodiment of this invention, the merge processing described above is
performed by the initializer of the JCESecurity class 314. This initializer is called
shortly after the JCESecurity class 314 is called. When called, the initializer merges
the two or more sets of laws provided to it and generates the whole set of restrictions
108. Once this whole set of restrictions 108 (comprising the default set and the
exemption set) has been generated, it is thereafter used by the GetCryptoPermission
method to determine the restrictions imposed on a Cipher instance.
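
The two-pass merge of drawings 10 and 11 (processes 804 to 860) is compact enough to show whole. The following Java 17 sketch is an added example, not code from the patent or from the JCE framework; the names, the "*" wildcard representation and all values other than the RC5 figures from paragraph [0056] are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class PolicyMergeDemo {
    /** Identifies an entry; exemption is null when no exemption mechanism applies. */
    record Key(String algorithm, String exemption) {}

    /** The restrictions carried by an entry; lower values are more restrictive. */
    record Limits(int maxKeyBits, int maxRounds) {
        /** Processes 816/820/848: take the tighter value of each restriction separately. */
        Limits mostRestrictive(Limits other) {
            return new Limits(Math.min(maxKeyBits, other.maxKeyBits),
                              Math.min(maxRounds, other.maxRounds));
        }
    }

    // Assumed representation of the wildcard entry: algorithm name "*".
    static final Key WILDCARD = new Key("*", null);

    /** Merges policies A and B into a new policy C. */
    static Map<Key, Limits> merge(Map<Key, Limits> a, Map<Key, Limits> b) {
        Map<Key, Limits> c = new LinkedHashMap<>();

        // Pass 1 (804-828): every entry of A is matched against B, or against
        // B's wildcard if B has no entry with the same name pair (808, 812).
        for (Map.Entry<Key, Limits> e : a.entrySet()) {
            Limits other = b.containsKey(e.getKey()) ? b.get(e.getKey()) : b.get(WILDCARD);
            if (other != null) {
                c.put(e.getKey(), e.getValue().mostRestrictive(other)); // 824
            }
            // No match and no wildcard in B: B does not allow it, so no entry in C.
        }

        // Pass 2 (832-860): entries that only B lists survive only if A has a
        // wildcard to merge them with.
        Limits wildcardOfA = a.get(WILDCARD);
        if (wildcardOfA != null) {
            for (Map.Entry<Key, Limits> e : b.entrySet()) {
                if (!c.containsKey(e.getKey())) {                            // 844
                    c.put(e.getKey(), e.getValue().mostRestrictive(wildcardOfA)); // 848, 852
                }
            }
        }
        return c;
    }

    public static void main(String[] args) {
        // Policy A: RC5 values from paragraph [0056]; DES and the wildcard are constructed.
        Map<Key, Limits> a = new LinkedHashMap<>();
        a.put(new Key("RC5", null), new Limits(64, 12));
        a.put(new Key("DES", null), new Limits(56, 16));
        a.put(WILDCARD, new Limits(40, 8));

        // Policy B: RC5 values from paragraph [0056]; Blowfish is constructed. No wildcard.
        Map<Key, Limits> b = new LinkedHashMap<>();
        b.put(new Key("RC5", null), new Limits(128, 10));
        b.put(new Key("Blowfish", null), new Limits(128, 16));

        // RC5 becomes (64, 10); Blowfish is capped by A's wildcard at (40, 8);
        // DES and A's wildcard are dropped because B neither lists them nor has a wildcard.
        merge(a, b).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

An algorithm that one policy lists and the other neither lists nor covers with a wildcard is absent from policy C, which is what keeps the merged result within both source policies.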

[0064] As mentioned above, the GetImpl method of the JCESecurity class 314 is responsible
for instantiating the associated general implementation 106 and generating an
implementation instance. As part of the instantiation processing, the GetImpl method
performs authentication. In one embodiment of this invention, this authentication takes
the form of mutual authentication, in which the GetImpl method authenticates the
associated general implementation 106 and the associated general implementation 106
authenticates the framework 102. To make this mutual authentication possible in one
embodiment of this invention, (1) the JAR file of the associated general implementation
106 is digitally signed, (2) the JAR file of the framework 102 is digitally signed, (3) a
set of obfuscated trusted public keys that can be used to verify the signature of the JAR
file of the associated general implementation is embedded in the JCESecurity class 314,
and (4) a set of trusted public keys used to verify the signature of the JAR file of the
framework is embedded in the associated general implementation 106.
[0065] Given this setup, mutual authentication is performed as follows. First, the GetImpl
method uses the obfuscated trusted public keys embedded in the JCESecurity class 314 to
verify the digital signature of the JAR file of the associated general implementation.
When this digital signature is verified, the GetImpl method instantiates the associated
general implementation 106, which causes the constructor of that implementation to be
called. When called, the constructor uses the trusted public keys embedded in the
associated general implementation 106 to verify the digital signature of the JAR file of
the framework. When the constructor determines that the digital signature of the
framework's JAR file is correct, it builds the requested implementation instance. When
the digital signature is not correct, the constructor returns an error. As this
explanation shows, the implementation instance is built only when both the associated
general implementation 106 and the framework 102 are authentic.

[0066] In performing this verification, the GetImpl method relies on an external digital
signature verification mechanism. That is, in one embodiment of this invention, the
GetImpl method does not perform the signature verification itself. Instead, the GetImpl
method presents the digital signature of the associated general implementation 106 and
the obfuscated trusted public key to the external digital signature verification
mechanism and receives the verification result. In one embodiment of this invention, the
external digital signature verification mechanism is the signature mechanism (Signature
Mechanism) of the Java Runtime. This signature mechanism is part of the overall Java
environment and is not part of the framework 102. Therefore, from the point of view of
the framework 102, the signature mechanism is not a "trusted" component. Consequently,
before the results provided by the signature mechanism are relied upon, the signature
mechanism itself is verified to ensure that it is legitimate (that is, that it performs
the correct verification function).

[0067] To make it possible to verify the signature mechanism, at least two digital
signatures are embedded in the JCESecurity class 314. One is known to be verifiable using
the obfuscated trusted public key, and the other is known to be unverifiable using the
obfuscated trusted public key. These signatures are presented to the signature mechanism
in an order that it cannot predict, in order to test its legitimacy. One possible
embodiment of the processing that tests the signature mechanism is shown in drawing 12.
[0068] As shown in drawing 12, the verification processing begins by deciding (904) which
digital signature (the verifiable one or the unverifiable one) to present to the
signature mechanism. This decision is made in a way that the signature mechanism cannot
predict, and in one embodiment of this invention it is made using a random process. For
example, a random number is generated; if it falls within one range (equal to 0), one of
the signatures is chosen, and if it falls within another range (equal to 1), the other
signature is chosen. In one embodiment of this invention, the decision of process 904
also takes the previously selected signatures into account. When all previously selected
signatures are the same signature, process 904 chooses the other signature. This ensures
that each of the two signatures is chosen at least once, so that the legitimacy of the
signature mechanism is tested thoroughly.

[0069] After one of the signatures is chosen, the selected signature and the obfuscated
trusted public key are presented to the signature mechanism for verification (908). The
signature mechanism then provides a response indicating either that the signature was
verified or that it was not. This response is received (912) and checked for correctness
(916). Specifically, when the signature presented to the signature mechanism is the
verifiable one, the response is checked for an indication that the signature was
verified. When the signature presented is the unverifiable one, the response is checked
for an indication that the signature was not verified. When the response received for the
presented signature is not correct, it is determined that the signature mechanism is not
legitimate (920). In this case, the verification processing ends (924).
[0070] On the other hand, when the response received for the presented signature is
correct, it is determined whether the verification processing has been performed n times
(928). Here, n is any desired number (for example, 5). If it has not been performed n
times, processing returns to process 904, a signature is presented to the signature
mechanism once again, and the response is checked. When the processing has been performed
n times, processing advances to process 932. When processing reaches process 932, it is
known that the signature mechanism provided the correct response to each of the
signatures ****** presented to it (had a response been incorrect, processing would have
ended at process 924 without reaching process 932). It is therefore determined that the
signature mechanism is legitimate (932). In this case, the signature mechanism can be
trusted by the GetImpl method to authenticate the associated general implementation 106.
Once the signature mechanism has been determined to be legitimate, the verification
processing ends (936).

[0071] The result of the above-mentioned processing is that the signature mechanism is
shown a verifiable digital signature and an unverifiable digital signature in an order
[ ********** ]. Because the presentation order is made unpredictable, it is very
difficult, if not impossible, for an illegitimate signature mechanism to "forge" correct
responses to the verification processing. Therefore, this verification processing
provides an effective method of examining the legitimacy of an external signature
mechanism.
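
The challenge loop of drawing 12 (processes 904 to 936) can be exercised against the real java.security.Signature API and against a stand-in that approves everything. The following Java sketch is an added example, not code from the patent or from the JCE framework; the Verifier interface and method names are hypothetical, the keys and signatures are generated at run time instead of being embedded, and the "choose the other signature" rule is applied on the final round only, which is an assumption of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class SignatureMechanismCheck {
    /** The untrusted mechanism under test: true means "signature verified". */
    interface Verifier {
        boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException;
    }

    /** Presents a known-good and a known-bad signature n times in unpredictable order. */
    static boolean isLegitimate(Verifier mech, PublicKey key, byte[] data,
                                byte[] goodSig, byte[] badSig, int n, SecureRandom rnd) {
        if (n < 2) {
            throw new IllegalArgumentException("n must be at least 2 to show both signatures");
        }
        boolean shownGood = false;
        boolean shownBad = false;
        for (int i = 0; i < n; i++) {
            boolean pickGood = rnd.nextBoolean();              // process 904
            // Final round: if one signature was never shown, show it now so that
            // both the accept path and the reject path are tested.
            if (i == n - 1 && !shownGood) pickGood = true;
            if (i == n - 1 && !shownBad) pickGood = false;
            if (pickGood) shownGood = true; else shownBad = true;

            boolean answer;
            try {
                answer = mech.verify(key, data, pickGood ? goodSig : badSig); // 908, 912
            } catch (GeneralSecurityException e) {
                answer = false; // an error is treated as "not verified"
            }
            if (answer != pickGood) {
                return false;   // process 920: wrong response, mechanism not legitimate
            }
        }
        return true;            // process 932: n correct responses
    }

    /** The JDK signature mechanism, wrapped as the mechanism under test. */
    static boolean jdkVerify(PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair trusted = gen.generateKeyPair();   // stands in for the embedded trusted key
        KeyPair unrelated = gen.generateKeyPair(); // used only to make an unverifiable signature

        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] good = sign(trusted.getPrivate(), data);   // verifies under the trusted key
        byte[] bad = sign(unrelated.getPrivate(), data);  // does not verify under the trusted key

        SecureRandom rnd = new SecureRandom();
        Verifier alwaysTrue = (k, d, s) -> true;   // a replaced mechanism that approves anything

        System.out.println("JDK mechanism legitimate: "
                + isLegitimate(SignatureMechanismCheck::jdkVerify,
                               trusted.getPublic(), data, good, bad, 5, rnd));
        System.out.println("always-true mechanism legitimate: "
                + isLegitimate(alwaysTrue, trusted.getPublic(), data, good, bad, 5, rnd));
    }
}
```

Because the unverifiable signature is guaranteed to be shown at least once, a mechanism that approves every signature is always rejected, whatever order the random choices produce.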

[0072] So far the verification processing has been explained in relation to a digital
signature verification mechanism. It should be noted, however, that the processing is not
limited to digital signature verification mechanisms. Rather, it can be applied generally
to test the legitimacy of any untrusted mechanism. As long as at least two different sets
of information exist for which the correct responses are known, the processing can be
applied to test the legitimacy of an untrusted mechanism. The flow chart of drawing 13
shows the verification processing as applied generally to an arbitrary untrusted
mechanism.
[0073] As shown in drawing 13, the verification processing begins by deciding which of at
least two sets of information to present to the untrusted mechanism (1004). This decision
1004 is made in a way that the untrusted mechanism cannot predict, and in one embodiment
of this invention it is made using a random process. For example, a random number is
generated; if it falls within one range (equal to 0), the first set of information is
chosen, and if it falls within another range (equal to 1), the other set of information
is chosen. In one embodiment of this invention, the decision 1004 also takes the
previously selected sets of information into account. When all previous selections are
the same set of information, process 1004 chooses the other set of information. This
ensures that each set of information is chosen at least once, so that the legitimacy of
the untrusted mechanism is tested thoroughly.

[0074] After one of the sets of information is chosen, the selected set of information is
presented to the untrusted mechanism (1008). The untrusted mechanism then provides a
response to the presented set of information. This response is received (1012) and
checked for correctness (1016). Specifically, the correct response for each set of
information is known. When the received response is not the correct response for the
presented set of information, it is determined that the untrusted mechanism is not
legitimate (1020). In this case, the verification processing ends (1024).

[0075] On the other hand, when the received response is the correct response for the
presented set of information, it is determined whether the verification processing has
been performed n times (1028). Here, n is any desired number (for example, 5). If it has
not been performed n times, processing returns to process 1004, a set of information is
presented to the untrusted mechanism once again, and the response is checked. When the
processing has been performed n times, processing proceeds to process 1032. When
processing reaches process 1032, it is known that the untrusted mechanism provided the
correct response to each of the sets of information presented to it (had a response been
incorrect, processing would have ended at process 1024 without reaching process 1032).
It is therefore determined that the untrusted mechanism is legitimate (1032). Once the
untrusted mechanism has been determined to be legitimate, the verification processing
ends (1036).
[0076] The result of the above-mentioned processing is that the untrusted mechanism is
shown the two sets of information in an order [ ********** ]. Because the presentation
order is made unpredictable, it is very difficult, if not impossible, for an illegitimate
untrusted mechanism to "forge" correct responses to the verification processing.
Therefore, this verification processing provides an effective method of examining the
legitimacy of any untrusted mechanism.
[0077] [Outline of hardware] In one embodiment of this invention, the invention is
implemented as a set of instructions executable by one or more processors. The invention
can be implemented as part of an object-oriented programming system, including but not
limited to the Java (registered trademark) programming system by Sun Microsystems, Inc.
of Mountain View, California. Drawing 14 shows a block diagram of the hardware of the
computer system 1100 in which an embodiment of the invention is implemented. The computer
system 1100 includes a bus 1102 or other communication mechanism for communicating
information, and a processor 1104 that is connected to the bus 1102 and processes
information. The computer system 1100 also includes a main memory unit 1106, such as
random access memory (RAM) or other dynamic storage, which is connected to the bus 1102
and stores the information and commands executed by the processor 1104. The main memory
unit 1106 is also used by the processor 1104 to store temporary variables or other
intermediate information during the execution of commands. The computer system 1100
further includes a read-only memory (ROM) 1108 or other static storage, which is
connected to the bus 1102 and stores static information and commands used by the
processor 1104. A memory storage 1110, such as a magnetic disk or an optical disc, is
connected to the bus 1102 and is used to store information and commands.
[0078] The computer system 1100 is connected via the bus 1102 to a display 1112, such as a
cathode-ray tube (CRT), which displays information to a computer user. An input device
1114, including alphanumeric and other keys, is connected to the bus 1102 and sends
information and command selections to the processor 1104. Another type of user input
device is the cursor control 1116, such as a mouse, a trackball, or cursor arrow keys,
which sends direction information and command selections to the processor 1104 and
controls the movement of the cursor on the display 1112. This input device usually has
two degrees of freedom in two axes, a first axis (for example, x) and a second axis (for
example, y), and can specify a position in a plane.

[0079] According to one embodiment, the computer system 1100 provides the functions of
this invention by having the processor 1104 execute one or more sequences of one or more
commands stored in the main memory unit 1106. Such commands are read into the main memory
unit 1106 from another computer-readable medium, such as the memory storage 1110. By
executing the command sequences stored in the main memory unit 1106, the processor 1104
performs the processing steps explained here. In another embodiment, hard-wired circuitry
can be used in place of the software instructions that implement the invention, or in
combination with them. Thus, embodiments of the invention are not limited to any specific
combination of hardware circuitry and software.

[0080] The term "computer-readable medium" as used here refers to any medium involved in
providing commands to the processor 1104 for execution. Such a medium can take many
forms, including but not limited to nonvolatile media, volatile media, and transmission
media. Nonvolatile media include, for example, optical or magnetic disks, such as the
memory storage 1110. Volatile media include dynamic storage, such as the main memory unit
1106. Transmission media include coaxial cables, copper wire, and optical fiber,
including the wiring that constitutes the bus 1102. Transmission media can also take the
form of sound waves or electromagnetic waves, for example radio waves, infrared rays, and
waves generated during optical data communication.
[0081] Common forms of computer-readable media include, for example, a floppy (registered
trademark) disk, a flexible disk, a hard disk, magnetic tape or any other magnetic
medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical
medium with patterns of holes, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other memory
chip or cartridge, a carrier wave as described later, or any other medium from which a
computer can read.

[0082] Various forms of computer-readable media may be involved in carrying one or more
sequences of one or more commands to the processor 1104 for execution. For example, the
commands may initially be carried on a magnetic disk of a remote computer. The remote
computer loads the commands into its dynamic storage and sends them over a telephone line
using a modem. A modem local to the computer system 1100 receives the data on the
telephone line and uses an infrared transmitter to convert the data into an infrared
signal. An infrared detector receives the data carried in the infrared signal, and
suitable circuitry places the data on the bus 1102. The bus 1102 carries the data to the
main memory unit 1106, from which the processor 1104 retrieves and executes the commands.
The commands received by the main memory unit 1106 may optionally be stored in the memory
storage 1110 either before or after execution by the processor 1104.
[0083] The computer system 1100 also includes a communication interface 1118 connected to
the bus 1102. The communication interface 1118 provides two-way data communication and is
connected to a network link 1120 that connects to a local network 1122. For example, the
communication interface 1118 may be an integrated services digital network (ISDN) card or
a modem that provides a data communication connection to a corresponding type of
telephone line. As another example, the communication interface 1118 may be a local area
network (LAN) card that provides a data communication connection to a compatible LAN.
Wireless links can also be implemented. In any such implementation, the communication
interface 1118 sends and receives electrical, electromagnetic, or optical signals that
carry digital data streams representing various kinds of information.

[0084] The network link 1120 usually provides data communication to other data stations 
through one or more networks. For example, the network link 1120 provides a connection, 
through the local network 1122, to the host computer 1124 or to a data station managed by 
an Internet Service Provider (ISP) 1126. The ISP 1126 in turn provides data transmission 
services through the global packet data communication network now generally called the 
"Internet" 1128. Both the local network 1122 and the Internet 1128 use electrical, 
electromagnetic, or lightwave signals that carry streams of digital data. The signals 
through the various networks, the signals on the network link 1120, and the signals 
through the communication interface 1118, which carry digital data to and from the 
computer system 1100, are typical forms of subcarriers that carry information. 

[0085] The computer system 1100 can transmit messages and receive data, including 
program code, through the network, the network link 1120, and the communication 
interface 1118. In the Internet example, when the code of an application program is 
requested, the server 1130 may transmit it through the Internet 1128, the ISP 1126, the 
local network 1122, and the communication interface 1118. The received code can be 
executed by the processor 1104 as it is received, or it can be saved in the memory storage 
1110 or other nonvolatile storage and executed later. In this way, the computer system 
1100 can acquire application code in the form of a subcarrier. 

[0086] Although the invention has been explained above based on a specific embodiment, 
it is not limited to that embodiment. A person skilled in the art who has the benefit of this 
disclosure can make various changes without deviating from the spirit of the invention. 
Therefore, this invention is not restricted to the specific embodiment used to describe it, 
and is limited only by the scope of the patent claims. 
[0087] 

[Effect of the Invention] As described above, according to this invention, a framework can 
reliably impose the required restrictions on the service provided to an application by 
dynamically constructing the requested mounting. 
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[Brief Description of the Drawings] 

[Drawing 1] It is a block diagram showing the whole system concerning one embodiment of 
this invention. 
[Drawing 2] It is a flow chart showing general operation of the whole system of drawing 1. 
[Drawing 3] It is a detailed block diagram showing one embodiment of this invention. 
[Drawing 4] It is a detailed block diagram showing one embodiment of this invention. 
[Drawing 5] It is a flow chart showing operation of the embodiment of drawing 3 and 
drawing 4. 
[Drawing 6] It is a flow chart showing operation of the embodiment of drawing 3 and 
drawing 4. 
[Drawing 7] It is a figure showing an example of the combination of restrictions, including 
default settings and exemption settings. 
[Drawing 8] It is a flow chart showing operation of one embodiment of the 
GetCryptoPermission method of the JCESecurityManager object class. 
[Drawing 9] It is a flow chart of one embodiment of this invention showing an outline of the 
processing that merges two or more sets of rules into one set of restrictions. 
[Drawing 10] It is a flow chart of one embodiment of this invention showing how to merge 
two or more sets of rules into one set of restrictions. 
[Drawing 11] It is a flow chart of one embodiment of this invention showing how to merge 
two or more sets of rules into one set of restrictions. 
[Drawing 12] It is a flow chart of one embodiment of this invention showing how to examine 
the legitimacy of a digital signature verification mechanism which is not trusted. 
[Drawing 13] It is a flow chart of one embodiment of this invention showing how to examine 
the legitimacy of an arbitrary mechanism which is not trusted. 
[Drawing 14] It is a hardware block diagram of a computer system on which this invention 
is mounted. 
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1. This document has been translated by computer. So the translation may not reflect the 
original precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 

S (8 28) . x:xhy*qf^EtSJ®^{C«. KUl^rX 
S8 0 4fcML-C. B^AtOJJCcOxyhU^SKL. «i 

s-rs, c<7)«ui{4. isfeAco^xyhyA^aMsns 

tXM<, 

[0060] mmA<r>^xy h vti'9m$tvf:im. mt 

Acoxy h y(c5tjeL=5rv>Bc^BcO:^x>'h u^'jasf 

H*- H<7)x>'h y*«iftttS*»i: p *>SrfJBrr^ ( 8 
32) , iRIRA7&»'7-f;i^H>!r-H«0xyhyi&^oT<.^ 
^V^it-g•, jRIKBcOitjDOXi^hyti, ^tl(>i)^mc 
tcf^^$itSi&Jncox>' h y tc^rSc: i:<4^rv^co-c\ Z 



lc'7>f;l'H;ir-K«xyhy*«#ftU:5:»'^-^. iR^C 
0<iS*^'^T-r^ (836). 
[00611 -^r. jgcJRAtcv-f H;<^- K«oxy h y 
jR^BcosaaJi. K^BcoiXiOxyh 
y (c:<oJ»-^«ft^<ox>'hy ) <7)^jfi*»/J>i&*i) (8- 

40) . S«?UJtxyhyi:iR3fEC<7)xyhyi:5E-lfc® 
LX , *tJiE-tSx>- N y ii^m^C tcff^rri. A^t' o *'Sr 
Wffirrs (844) . *l&Hjc7)— Sli©^®tcfcv^T, c: 
o^^ti, Stl?SiUcxyhyor;i':3'yXA^j3j:tf 
'5r*>tXfc:iSSgc<^xyby<Dr/i^d'yXA 
ctZ/^I^JSfS^fc ^IfcSS-ri. ZbizJ:-o xnhti 
S. ^tje-r4x:xhy*Jjgtsec(c^o*-^y;:J#^. SS? 
^futxy h y ismAOxy h y <D!sm<7>-^t L 

x-rxizmm^titzztiM^Lx^'^h. z<r>m^iz. 

T . J8ra*<Xg8 5 6 ^^Jt^TiR®B<^)i5s:^0X>' h y S: 

[00621 -:tj. miK^tifzj:.yh otmmc(r>\^-r 

^^cox:x^ytct^^^St■t^^^v^i^, m9i^.itfz:cy 

irOMtx&hmmtifcmmi^^h (84 8) . 
z<o^ii^ uma 2 0 tcov^r Huj^ Lfzmmtm tir 

t\\x.yhVim(MCI,Z^^ilh (8 52) . ClOgf 
Lv>xyhy{c{4. §itRS^x>'hyf:lltr;P:fy 
XA=&fc^fe|^i(i:fej&J#ft^SC:i:tc=5:S. zco 
«f Lv^xy h ytti, -^ffymmt tTXg8 4 8-ei^ 

X y h y *iia^C ic^jSSiiJt^tc:, J^ffiSS? $ n/cx 
yhy<^a**il^T-r*. -eLr. igi«EBt»cxyh 
y**??=frrs*»ir5*»^gii^-rs (856) . xyvy 

*^'#?5rrS%^, fmi:JM84 0izmLxmiBcr>}X 

^xyhy*<j?ia$as^Ti^<. :^xyhy3&«J!yi$ 
fL^t. Kmcoffi^^^i^T-r-l. (860) . 

[00631 :^^m<o-msmmizi5\^x . mm^ixfz 

v-i/MS|{4JCESecurity^' 5X 3 1 4 <0-f ^ 
if tc J: o-CH^rSiX-e* . JCESecurity:^ 7X314 

■fii, ^ ~iy-ry^^iz^^tLtzmm<r>2-:>Ui±(7)-t 
-y h^v-i^'LT. $iJfiB<0^-fe-y h 1 OSSr^^-^S. 
^$^^S^OI4C:^O^OI!B<0^-fe•y M08 (v'^rr/i'h 
iiSi:^i£^i&(ii.-&) X'$)*}. ztm. cipheMy 

X 9 y XtCjDi. totV-h ^-fSGetCryptoPermiss 
ion^ y -y h'(;J; -5-C-?-<^1^fcfiM$itS. 
[00641 Bir^L^: J: O fc. JCESecurity^' 9X 3 1 
4<0GetIinpl;< V -y H*<, M^-f S-flRW^^ 10 6 

co-f yx^j'yxiki&asut:. HH^o^f yx^'yxS:*. 

yX^'yx-ftSPKO-gPkUT. Getlnpl^ 
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\^X. ^cr>im>>!!:mi. Getliiipl;^ y -y K*«. m^-th 
-ffi«=5rS@l 1 0 6 ^iSSEL . PI^-f-S-JRW^IISI 1 
OeA^^l^-AV-i? 1 0 22ri2iE'r-Stv->affi5:i2iE 

fm^^i 0 e^j ARy Mii'f-^iSffi^^^ 

iX. (2) 1 02C0J AR-7r^ iUif^f 

i^i'JUm^^tl. (3) JCESecurity^'7X3 14*^ 

m^-th—mp^^^ J Any r 4 fucom^<ommz 

^T^^7r^Mmj:im^^mm(obfvsc&ted trusted pu 
bl ic keys) CO-t-yh ^iW^^A^Xh 0 , ( 4 ) m&th 

[0065] Z<r>mmi:^x. (>ixX . mi[MMifi^(nk 
OlZmf^tli,. i-r, JCESecurity^'5X3 14fca 

m.tixtz^m^£mmmmt:^mLx . cetimpi^ 

y -y F * W-rS -ffifl^r^lfliO J A R 7 r ^ ;K?)x i^' 
-^fc. Getlmpl^y -y Hti. RBt-ri.-jEW=5rl^l 0 

mm^j:^ 10 6 icsA^a* njtfi«4^^ii2-fieffl l 

^SE-rS. 71^— Ay— ^'<OJAR7r-f/K^xS^:5'yl' 

fc. W^^^-«iW^l^l 0 6t7W-AV-:? 1 0 
2coW**«iELv^^;«tt. S^O^VXrJ'yx^iei^ 

[0066] C:<0:^!HS!M<7)|ifi^T\ Getlnpl;^ y >y 

USeSffiCtSV^T . Getlinpl;< V -y KtiS^ 

O:^-ec0tc0{i^L^V\ Getlmpl^y /H 

tt. rai«t--S-®6<r5r^ 1 0 6«rv^/l'S«i:^ 

T'JiS^/l^m^mEWmiiJuiva RuntimetOW^&iEffiCSigna 
ture Mechanism) tC^S . ClcOS^SIiti^ J a v all 
aJTJb 0 . y 1 0 2<7y-B-Cli^ 

\'\ ^-yX. 71^— AV— ^' 1 0 2*>^>aSfc, 

jEi\.^tmmmi:mfLx\>^?>) ^it^mE-tttubiz 



[0067] ^ti-hm^mmitkux^ txo iz-ritz 

St)(,Z^ JCESecurity:7 7X3 I A\,Z\i'y^j:<ti>2r><7) 
^'J^)\^^^^<r>f^lizmt^ikA.X'hh, 1-5(4. T»B 

R5=5:fiS^^«^^ LT^-C^ I. ^ tifWi^->Xti 

s=fe«sffl^se®rt.&3![ia<oifrsg^:io<o^S6Jg® 

01 2{c^$fiTV>S. 
[0068101 2fc5^$ilTV^SJ:dtc, «iiE«Si 

«4, «W^II=S:xi^'^;i^^) <?);^ ( 9 0 4 ) 

tfi?tt, *^BB<0-|IM}^®^^fcV^-C{4. 5yyA«M 

S«<oio*«S«?§tt«.<!:i:t=;^r?>. yyyj>-tt 

L-ct>?Ti)fis. imizmi$tifzm^i)^±xntm^ 

com^. XS9 0 4tc:J:-5tfa60S^*^StR$*i.S. CI 
n{4. 20£7)Srgc7)#/?*ii!?^r< i: t loSS?$<x. S 

[0069] S^cT) 1 -:?*JSfR$nitf*. SS^^^ii^cS 

$fLS (908). S=S«filt4S*3&*^?ity:: 

Z<om^ii^imii>tl (912), jE5S1t*^2$ 
ft* ( 9 1 6 ) . ft«cWt=tt, Sife«Nt(=«*5il^S 

0 ) . cicoJ&^tc. ^msmifiwr-rh (924). 

[0070] g^Sti-r^W^t^ML-rSttSX-^^^: 

fcraLT«^»t^*lTd (928) . ClCl-C. n»ffi®<^ 
a*Lv^^ (y::ti.{f. 5)t:*J>S, nm^trSitTV^ 
^rV^J^. }!!ia*Ig9 04{c:MtTtd IJSS^SrS 
^m^tcffiS^L. *£?^^gEitrS. JtaaSrnHI^U^: 
J!WiS-Xe9 3 2lC»ftS. Xn9 3 2t.X:9m 

^tiTzm^iziitLx&mLfzCLbifi^^^t (is^*nEU 

<^:V^«^, 5!iaj&«Ig9 3 2*-CM4>'rtc, IS9 2 

4-C*l7-r-S.C:i:tc^S) . ^OiatcLT. S^S^W 
*^5gffi-Ci>-S.^i:A^^*S (9 3 2) . CiO%&tC. S 

^mma. mm-^-mm^j:^ i o 6 5:i2BE-ri.Geti 
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vs>hztii^m£^tii,b. mBmi^mT-ti> (93 

6) , 

[00711 IMcofSmn^fMii. mE^m^Ti^i'fl' 

ztizx*). mBsmi. T-m:m^mm 

[0072] "fJ^fim^mmm 
mi>zmM^-txmmvx^fz, js^jirx:?/!- 

m^tix\.^^j:\.mmcmmtiMm-^, ^i)-^x^^h 
^tLX\>'^^x\'mmi>z-mmi,zmm^ix^:fjmi. mis 

(O^Miz^. 

[00 7 31 01 3t^§ixTV%SiaiC, ^SE5!iS»i 
ik^< t h 2-:)<7)'^ff^^<OV^■ri^*^S:^I®Si^TV^^ 

\>ymiizm^t^(^ioiBt.i> (i oo4 ) , z<7)m 

if. ifc:-^)<o«^. td-o<otf«^*«SS?§it 
SI 0 0 4J±fel8alcaiRSix^1»i^t#Ji:t- i.. a 

mizmiR^ixJ::mmf-^xm t««^^-c*-?/t«^. 

XS 1 0 0 4 1 J; 0 fl!lcof«gS€*^SJ?$ii?. . Z ti 

tlx V yim(7)mm&i:^^iizmscr tzt^^mt 

[00741 fflffBi^O 1 o^i^S^^ii-t^. StR^ii 

fcffif8is^^«iffi?*i.-cv^^vv®iitcS5^-rs (10 0 
8) . mz. im^tix\,^^\ymmi. m^^iif^imt 
B^izMt^fm^mm-tt. zcof&^i^im-yx 

(10 12). iEHttcOlSigSrff a ( 1 0 1 6 ) . m«t 

im^tix\^^j:^^mmtmmx'^j:\^zkifi^^ 
$tih (10 2 0). zco^-^iz^ mtmtiimT-ti 

(1024) , 

[00751 ^im-^tziicm^mm^titzmmm. 



9*HcratTc0^^5rtfd (1028) . ZZX\ nti 
eS^oa^ LV^^ (^vTixtf, 5)T$).6. nlll^$ 
fLtV>^V^i^. J!ra$rXgl0 04lC-KtT. t^l 

0 3 2{c:jttf. Xmi0 3 2tX^-tht. i^^ix. 

^rv^J^fi. JIfflj&iXSl 0 3 2tc{iM<o-rtcXgl 0 
2 4Xl^T't?>ZtiZ^^) . ZmXoliZLX, 

tix^^^^mmammxh^ztij^mM^it^ (103 

tL§ t , :mSE>!ffll*>»T^-i> (10 3 6), 
[00761 ±iS<iOS|lfflWtK*{4, 2o<7)ffl«^*»'(i 

tTS)^. Zcr)i^m^i:=fm^^^i^'ti>ZbizX 

v^tLT^b, mf>xmmx'S>h. m-ox. z<^^9m 

[00771 t>'N— H'>irfO«®)2|s^fiMB<?5— ^]^® 
tcfcv^T. *J&BB{±. lifeJiSjaoT-a-fe-y-y-^^ff 

;r/l^— TWv^y-r J^t' •3-— Microsystems, Inc. 
tt^Java (e»ffiS) Tviy^ ^.y^^i^Xr-^?: 
^ti. ZtHzm^^tvi:\i^:^y'J3:i^ hmt^yx^^y 5 
y^i^x^J^<7)-mb LX^U%i>. 01 4tc. 
<O|lifi0®*5|^$iT-'CV 3 V t A-^' v-^xAi 1 
0 0<0>'N— H'^xTOT'n y^'H^^. a>'trjL-:J' 

v;?.xAi 1 oo{4, ffigc7)a(it«ffl-rs>'<^i 1 0 
2 1 1 <«±fl!ic^jHi«i«i. ^^>ixtcvN'x 1 1 0 2izmm 

^tLX'(m^:9!!mti>yo-k'y^ll04^:^ts. :3> 

(RAM) trzimcommi^m.^b'cr)±M^s.i 
1 0 6 t,ffl;*a*ix'Cfc 0 , 1 1 0 2izmm^itx 

ro-fey-9-l 1 04*«lltf-r61f«i:tSr^S:«#^S. 
^Av!. ^B^Sl 1 0 6{±, ro-fe x-9-1 1 04*»'(& 

T^A 11 0 OH. VN'X 1 1 0 2I.Ztm^tlXy°u-b yV 

1 1 0 4*«ffiffl-r-s.s?«^fSf8tiJir^^fisi?-rsgg;^^ai 

(WM) 1 1 0 8i3ttiflfe'O»WISii^a 

111 0{±, VN'XI 1 0 2fcrg^3*tTflf8i:#^«ff 

[0 0 781 nytfjL-^j^XT^Al 1 0 0«. ^^'X1 
10 2$-lg6LTllfiill'g (CRT) ^rt'cor^xrv 
^111 2lcSg?5n. nyf r-tcttl85: 
^-rs. ^'^^-}iJil/i&<r>^-Hi^i^b-ti>A 






^msi 1 1 4kiJ<xi 1 0 2izim^tix: w^tn 

0, :6-(6jfS#Bi:3-?yHcoStKSrro-fe: y-9-l 1 0 4tc 
T'f;^7*P-^ 111 2er):^—VfU<7>m^'S:mm-t 
S. C:oA:'JilSli, iiSSgl fft (/^i:i.{f. x) km 
2m(f.itti-i. y) c7)2tt<?52®<Oii]Ki&^-5TiJ 

[0079] -m&miz^^x. ^^m<7)mmi. ± 

le^S^S 110 6 iztm^tx-fz 1 S;t»i«Stc7)^^<7) 1 

tfziiwsc<r>=y-yy:^^m^^-r^'rx:i'b'/^i 104 

tOid'Sr^^Ji, ai^ai 11 0^:i:c7)3yti-^ 

1 1 0 eizm^&tni>. ±m^mi loeiz^m^ 

iiJt^^-^-^vxSrTctc, rn-fe 1 104*«c:c: 
[0080] ZZX{m^tiX\^^ r3>fi— 

■fe -y-y- 1 1 0 4 izi^imi-th c: t tra^-^ sffiS^o 

ai 1 l0^j:}iff)^4X'?t.i:z\m^'f4:^i^t/^h 

«^1tlSEm=:{4. iffiitSISl 1 0 6=S:i:««lft<)fe 
.1i^a*«&«.. eiM^ttctiti. 1 0 2€r«fi!c-rs 

1^i>m.^J:b'(0W^^zh^J:h, 

[0081 ] 7ti:i.Jf. ay\^a.-:$^tim^n'0'^m'^X 

^rtL<tl'5-<Dfl!lcOia^«£, CD-ROM, ^cr>m 

RAM, PROMiJit/EPROM. F 
LASH-EPROM, •f-<?)fl6(?Dp{t U— f- yTt L< 

[00821 3>'fcrA-i5'*»SE;?kffi0^8l^:«l*OV^^ 
v^^^rS^Wi. 1 tt:.\,mWL<r>^'^cr> l * ^^cti^o 
5/-- ^ryx^, ^&^i&||tf-tl>rn-b y-9-l 104(cjS 



vX-fAi 1 oo^^^^LTo-;>&;^^^:TA^imfi5^•C• 
r-^^&S^t^. ?^^haih7yx5y^'2rffifflLTT- 

^^^^mim^z^-th. m-wmmi^^i^'^ 

<0-f--^*SmL. aS^rlHlSS**^-;??:^^'^! 1 0 2 
±{ci2B^S. >''<^1 10 2(5. r-^J'^riKISilSl 
lOetcS^. -et-C. 7-a-fe.y-9-l 10 4*i^^2rlX 
OtULIIfT-rs. i^l^Sl 1 0 6*«Stt]Ro/ii8r^ 
{4, ra-fe y-tfl 10 4*JSIfi=^2.mrM*«0fc'^<bMc 
KST-iBlil^Sl 1 1 Otc«#§ni.. 
[0083] ^>\::t.—'!fi^X^M.l 100»4, 

A'x 110 2 (c«^Sii7tjifi^ ^^--7 X ^ ;^ 1 1 1 

8^-^tf. afl-f>':5'-7x'fXl 1 1 8li:2:fr[6ic0-r 
-:5'jl«**nriST'S>'3 , a-;&/W^-y 112 2 

^ZW^-tttz^C^^':^ hV—^ U y^' 1 1 2 0 i: 

o-cv>s. y::fci.{f. afi^>':5'-7x-fxi i is 
(4, T'Jif'fm^-i^'^^m ( I SDN) /i-vtrzti 

M,b^tcLti>x'^^. ^fc. ^(TMcnrntLx. mm 

Nl'SflH- S a-;<r;WX 'J r ^-y h "7- ^' ( L A N ) ;i& 

-Hk-ri.ciiit'css. fm*)ycfi^^x'^h. c 

[0084] ^-y hV-^'Uy:?' 1 1 20J4. 1 

1 1 2 0{4, a-;<r;t':t-y 1 1 2 25: 

fiM h 3 y tr jL-^' 11 2 4 1 Jt»4^ y :J'-^> 

}.^—\^xtujU ^ (ISP) 1126 tcJ: r>XM 

n^tix\>^hT~:^mmznLxmmi^-t?>. »: 

iZ, ISP1126«4-ffi{C>'-<y:5'-^-yhj 112 
8fcii?{fii-Cv^i.itSW=3:^-«i^>y hr-^'afi^-y ^'7 

/^;^■y hV-^ 1 122t^y9-^-yVl 1 2 8<4, 

fi^*;tJ43e®-f-*ffifflt-S. V%-?>V^6^*«yb'7-^' 
SrfiMf Sfi-^=5r^>r/t:^-y h V-^' U y^' 1 1 2 0± 
<7)ft^fc<klXfflm'f >'^'-7x-f ;^l 1 l8$reOT-r^» 

<s^(4, mm&mjmMm:mMT0.(^B^\^x\.^h> c: 

A 1 1 0 otcamu, 3:^trA-^'j^:^xA 1 1 o o*» 

[0 08 51 a>'€:x—^>':^7-Jx \ 1 0 0(4. ^y > 
:t..y h"?— 1 1 20iiXlfMm^>9 
-7x>f>?.ll 18^ffifflL■C^•y^:-^^*?^i*^S'C^, 
TO A 3- H i&t4 i: -r i. T- ^ l> . 
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- Yt'^m^^tifz t ^ . -ff— 's'- 113 0 *i-eit5r ^ > 
>yhll28. ISP1126. a-Xf/l^^'/ h 
^-7l \22iiXxmm^ y9-y3i^X \ 1 ISSr 

-H5:S4tffi-:>3tlS(cro4:-y9-l 1 0 4-CII^TU7t 

"5, isv>«, aitiisi 1 1 o±tz\m<n^m^'& 
y t A-^' i^xxA 1X00 {iaK^&<o^t:-rr u 
[0086] 3K«f ^Mimm<r>mtmmi<zm-:s\'^ 
*>f>jsiffii-rsc:fc^<. z<r>micr>m^i:^Lx^^m 

[0087] 

[0fflcofsm^iiHai 

[02 ] 01<?D£^XxA:^f*OHR«PO:iftf^i&^-^^ 

[01 ] 



[05 ] 0 3241^4 fOUSfe^ScOiftf^^^-rSSEHHT 

[06 ] 032StU^ia4(5D^flB^®cOiM^5r^-rSHi0'C 

[07] T7;«-;PM5^i:^fel^S^^t±t>^i:-^2'*'ilS 

[08 1 JCESecurityManager3r:?'i^x ^' h ^' 5X«GetC 
ryptoPermission^ V IIS(^®<!OS&fPSr^"^^ 
tt0'CJ>S, 

[09] ag!l<0^<^)-b y h 1 f ^ t^"^ 

X'hh, 

[010] «aiJcO«a<^-«r <7 h Sr^RRcO— :)<0-b -y btc 
[0111 mi\<r>W^<n^-^ hS:©JRB<^ocO-fe y htc 
[0121 fi«$ittv>^v>x>^^/WS=S^tEfia8«0S 

[013] es<oft«$n-cv^^v^«m<^&it2:is^ 
[0143 *5gHB*j|isrrs3yeA-^'i^x7^A<o^N 

[Drawings omitted: the figure pages survive only as scattered reference numerals. Legible labels: a class diagram with an API layer and boxes CIPHER (GETINSTANCE, CONSTRUCTOR, INIT, UPDATE, DOFINAL), EXEMPTIONMECHANISM (GETINSTANCE, CONSTRUCTOR, INIT, GENEXEMPTIONBLOB, ISCRYPTOALLOWED), JCESECURITY (GETIMPL, INITIALIZER) and JCESECURITYMANAGER (GETCRYPTOPERMISSION); and numbered entries naming the algorithms BLOWFISH, DES and RC5.]



r;>fi;;4r^SOT 94108 AVyitJUzz,T 
hV-h i-y/^-g 540 



